
Windows Analysis Report
http://yaocanting.com

Overview

General Information

Sample URL: http://yaocanting.com
Analysis ID: 1577761

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain

Classification

  • System is w10x64
  • chrome.exe (PID: 4080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2232,i,12666901856259099238,7747285466013212120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://yaocanting.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched



AV Detection

Source: http://yaocanting.com | Avira URL Cloud: detection malicious, Label: malware
Source: https://yaocanting.com/favicon.ico | Avira URL Cloud: Label: malware
Source: http://yaocanting.com/ | Avira URL Cloud: Label: malware
Source: https://yaocanting.com/ | HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 84.201.208.104
Source: unknown | TCP traffic detected without corresponding DNS query: 84.201.208.104
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: yaocanting.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: yaocanting.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://yaocanting.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: yaocanting.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: yaocanting.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Wed, 18 Dec 2024 17:01:05 GMT
  Content-Type: text/html
  Content-Length: 58296
  Connection: close
  Vary: Accept-Encoding
  ETag: "675362e3-e3b8"
Source: chromecache_44.2.dr, chromecache_45.2.dr | String found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: mal56.win@17/4@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2232,i,12666901856259099238,7747285466013212120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://yaocanting.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2232,i,12666901856259099238,7747285466013212120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix, listed per tactic (a number in parentheses is the signature count the matrix shows for that technique):
  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Defense Evasion: Process Injection (1), Rootkit, Obfuscated Files or Information, Binary Padding
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3)
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction
Behavior Graph ID: 1577761 | URL: http://yaocanting.com | Startdate: 18/12/2024 | Architecture: WINDOWS | Score: 56
  • Signatures on the graph: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample
  • Two chrome.exe processes are started from the sample; the first one starts a further chrome.exe
  • The first chrome.exe talks to 192.168.2.4 (ports 138, 443, 49723; unknown) and 239.255.255.250 (Reserved)
  • The child chrome.exe talks to yaocanting.com 81.19.135.228 (ports 443, 49740, 49741; IVC-ASRU, Russian Federation) and www.google.com 142.250.181.132 (ports 443, 49738, 49769; GOOGLEUS, United States)

Source | Detection | Scanner | Label | Link
http://yaocanting.com | 100% | Avira URL Cloud | malware
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://yaocanting.com/favicon.ico | 100% | Avira URL Cloud | malware
http://yaocanting.com/ | 100% | Avira URL Cloud | malware


Name | IP | Active | Malicious | Antivirus Detection | Reputation
yaocanting.com | 81.19.135.228 | true | false | | unknown
www.google.com | 142.250.181.132 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://yaocanting.com/ | false | | unknown
https://yaocanting.com/favicon.ico | false | Avira URL Cloud: malware | unknown
http://yaocanting.com/ | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.aapanel.com/new/download.html?invite_code=aapanele | chromecache_44.2.dr, chromecache_45.2.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
81.19.135.228 | yaocanting.com | Russian Federation | 24658 | IVC-ASRU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577761
Start date and time: 2024-12-18 17:59:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://yaocanting.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@17/4@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 64.233.162.84, 172.217.19.206, 172.217.21.35, 172.217.17.46, 217.20.58.100, 192.229.221.95, 172.217.17.35, 23.218.208.109, 20.12.23.50, 13.107.246.63
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: http://yaocanting.com
          No simulations
          No context
          No context
          No context
          No context
          No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (56756)
Category: downloaded
Size (bytes): 58296
Entropy (8bit): 6.052265860508475
Encrypted: false
SSDEEP: 768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM
MD5: CBB42513032D6C09E496731AC16C20A9
SHA1: C92F38A701AAD58408451D24DD4C47B05F158CF0
SHA-256: D189695B2F3BB92369881F2428FA861DCA9D9A94C638D9BDC4E2FA747D6F315B
SHA-512: 3D76F1018AFCEABA7CBB4083F4A5B5758966EC2AA5D5C6B07D72361782809F7ED4BD34ED9E0C4154D01A2DB7192155DE8251E5A834DD90B8D9823D916E1B7285
Malicious: false
Reputation: low
URL: https://yaocanting.com/favicon.ico
          Preview:<!doctype html>.<html>..<head>...<meta charset="utf-8" />...<meta name="viewport" content="width=device-width, initial-scale=1.0" />...<title>404 Not Found</title>...<style>....* {.....margin: 0;.....padding: 0;.....box-sizing: border-box;....}....html {.....height: 100%;....}....body {.....height: 100%;.....font-size: 14px;....}.....container {.....display: flex;.....flex-direction: column;.....align-items: center;.....height: 100%;.....padding-top: 12%;....}.....logo img {.... display: block;.... width: 100px;....}.....logo img + img {.... margin-top: 12px;....}.....title {.....margin-top: 24px;.....font-size: 110px;.....color: #333;.....letter-spacing: 10px;....}.....desc {.....font-size: 16px;.....color: #777;.....text-align: center;.....line-height: 24px;....}.....footer {...../* position: absolute;.....left: 0;.....bottom: 32px;.....width: 100%; */.....margin-top: 24px;.....text-align: center;.....font-size: 12px;....}.....footer .btlink {.....color: #20a53a;.....text-de
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 1366
Entropy (8bit): 4.613479396138565
Encrypted: false
SSDEEP: 24:0pFV6NB8jVoF/JYBozSl5s6s77ffdg39v157NaTPuP3fkc4:0kBABozWX8dMh7NdM
MD5: 9ED2F42D562702AC623DA07660333BFD
SHA1: 8388C7D2F94AB5AD11023FB14B05A5C03CC1B73C
SHA-256: 0BAE6089419EA8F95D7DDF86BA40A6B6C8AE6FCA852DD9B70351F869E19DF27B
SHA-512: 81C2A15532BFF1FCE6EB0BA628DD20AB14F164D5B1C727CEBD2B8AB9D20026A71EFAD9005DD5604B1B7F15E8E1BD370DD34056F3AB3730A2394007FBDEFD5F76
Malicious: false
Reputation: low
URL: https://yaocanting.com/
          Preview:<!doctype html>.<html>.<head>. <meta charset="utf-8">. <title>Site is created successfully! </title>. <style>. .container {. width: 60%;. margin: 10% auto 0;. background-color: #f0f0f0;. padding: 2% 5%;. border-radius: 10px. }.. ul {. padding-left: 20px;. }.. ul li {. line-height: 2.3. }.. a {. color: #20a53a. }. .footer {..../* position: absolute;....left: 0;....bottom: 32px;....width: 100%; */....margin-top: 24px;....text-align: center;....font-size: 12px;...}....footer .btlink {....color: #20a53a;....text-decoration: none;...}. </style>.</head>.<body>. <div class="container">. <h1>Congratulations, the site is created successfully! </h1>. <h3>This is the default index.html, this page is automatically generated by the system</h3>. <ul>. <li>The index.html of this page is in the
          No static file info


          • Total Packets: 70
          • 443 (HTTPS)
          • 80 (HTTP)
          • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 18:00:41.622648954 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Dec 18, 2024 18:00:51.230411053 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Dec 18, 2024 18:00:54.904992104 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:54.905035019 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:54.905096054 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:54.905363083 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:54.905373096 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.641293049 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.641588926 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:56.641623020 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.643045902 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.643117905 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:56.644165039 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:56.644248962 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.685065985 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:56.685082912 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:00:56.731579065 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:00:56.883279085 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:56.883621931 CET | 49741 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:57.003081083 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:57.003160954 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:57.003364086 CET | 80 | 49741 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:57.003390074 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:57.003418922 CET | 49741 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:57.124304056 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:58.332624912 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:58.372561932 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:58.481331110 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:58.481380939 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:58.481451988 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:58.482029915 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:58.482050896 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:59.980482101 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:59.980958939 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:59.980986118 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:59.982623100 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:59.982718945 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:59.987837076 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:59.987929106 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:00:59.988018990 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:00:59.988034964 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:00.030122042 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.535362005 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:00.535530090 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:00.535672903 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.536838055 CET | 49743 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.536860943 CET | 443 | 49743 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:00.626518011 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.626600027 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:00.626730919 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.627033949 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:00.627067089 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.087260962 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.087670088 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.087737083 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.088344097 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.088900089 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.088995934 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.089111090 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.135334015 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.766982079 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.767065048 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.767111063 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.767144918 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.767162085 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.767174959 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.767229080 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.883465052 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.883549929 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.883594990 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.883630991 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.883666039 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.883685112 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.960228920 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.960278988 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.960308075 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.960334063 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:02.960365057 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:02.960385084 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:03.036612988 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:03.036700010 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:03.036717892 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:03.036798000 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:03.036854029 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:03.037185907 CET | 49744 | 443 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:03.037220955 CET | 443 | 49744 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:06.311208963 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:06.311394930 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:06.311448097 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:07.202347994 CET | 49738 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:07.202378035 CET | 443 | 49738 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:11.600578070 CET | 49723 | 80 | 192.168.2.4 | 199.232.214.172
Dec 18, 2024 18:01:11.720998049 CET | 80 | 49723 | 199.232.214.172 | 192.168.2.4
Dec 18, 2024 18:01:11.721064091 CET | 49723 | 80 | 192.168.2.4 | 199.232.214.172
Dec 18, 2024 18:01:25.691015959 CET | 80 | 49724 | 84.201.208.104 | 192.168.2.4
Dec 18, 2024 18:01:25.691396952 CET | 49724 | 80 | 192.168.2.4 | 84.201.208.104
Dec 18, 2024 18:01:25.691442966 CET | 49724 | 80 | 192.168.2.4 | 84.201.208.104
Dec 18, 2024 18:01:25.810972929 CET | 80 | 49724 | 84.201.208.104 | 192.168.2.4
Dec 18, 2024 18:01:42.012115002 CET | 49741 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:42.132371902 CET | 80 | 49741 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:43.340886116 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:43.460637093 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:54.816942930 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:54.817028999 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:54.817126989 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:54.817513943 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:54.817548990 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:56.515697002 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:56.520828009 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:56.520890951 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:56.522386074 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:56.528656960 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:56.528851986 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:01:56.575139999 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:01:57.202227116 CET | 49741 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:57.322696924 CET | 80 | 49741 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:57.322870016 CET | 49741 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:58.369761944 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:01:58.369847059 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:59.202060938 CET | 49740 | 80 | 192.168.2.4 | 81.19.135.228
Dec 18, 2024 18:01:59.328548908 CET | 80 | 49740 | 81.19.135.228 | 192.168.2.4
Dec 18, 2024 18:02:06.244904041 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:02:06.245044947 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Dec 18, 2024 18:02:06.245120049 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:02:07.204893112 CET | 49769 | 443 | 192.168.2.4 | 142.250.181.132
Dec 18, 2024 18:02:07.204971075 CET | 443 | 49769 | 142.250.181.132 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 18:00:50.961623907 CET | 53 | 58487 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:50.972234964 CET | 53 | 58856 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:53.656337976 CET | 53 | 51443 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:54.763504028 CET | 52270 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:54.763622999 CET | 57127 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:54.903795958 CET | 53 | 57127 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:54.904028893 CET | 53 | 52270 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:56.514007092 CET | 63585 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:56.514137030 CET | 62833 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:56.882229090 CET | 53 | 63585 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:56.882781029 CET | 53 | 62833 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:58.338079929 CET | 64472 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:58.338664055 CET | 64309 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 18:00:58.477596998 CET | 53 | 64472 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:00:58.478562117 CET | 53 | 64309 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:01:10.675188065 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Dec 18, 2024 18:01:10.836261988 CET | 53 | 62982 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:01:29.451706886 CET | 53 | 65218 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:01:50.622917891 CET | 53 | 65506 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 18:01:52.105936050 CET | 53 | 51144 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 18:00:54.763504028 CET | 192.168.2.4 | 1.1.1.1 | 0xb933 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:54.763622999 CET | 192.168.2.4 | 1.1.1.1 | 0xa078 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 18, 2024 18:00:56.514007092 CET | 192.168.2.4 | 1.1.1.1 | 0x62b2 | Standard query (0) | yaocanting.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:56.514137030 CET | 192.168.2.4 | 1.1.1.1 | 0xefe4 | Standard query (0) | yaocanting.com | 65 | IN (0x0001) | false
Dec 18, 2024 18:00:58.338079929 CET | 192.168.2.4 | 1.1.1.1 | 0xbbcd | Standard query (0) | yaocanting.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:58.338664055 CET | 192.168.2.4 | 1.1.1.1 | 0xef93 | Standard query (0) | yaocanting.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 18:00:54.903795958 CET | 1.1.1.1 | 192.168.2.4 | 0xa078 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 18, 2024 18:00:54.904028893 CET | 1.1.1.1 | 192.168.2.4 | 0xb933 | No error (0) | www.google.com | | 142.250.181.132 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:56.882229090 CET | 1.1.1.1 | 192.168.2.4 | 0x62b2 | No error (0) | yaocanting.com | | 81.19.135.228 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 18:00:58.477596998 CET | 1.1.1.1 | 192.168.2.4 | 0xbbcd | No error (0) | yaocanting.com | | 81.19.135.228 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 81.19.135.228 | 80 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 18:00:57.003390074 CET | 429 | OUT | GET / HTTP/1.1
          Host: yaocanting.com
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
Dec 18, 2024 18:00:58.332624912 CET | 398 | IN | HTTP/1.1 301 Moved Permanently
          Server: nginx
          Date: Wed, 18 Dec 2024 17:01:01 GMT
          Content-Type: text/html
          Content-Length: 162
          Connection: keep-alive
          Location: https://yaocanting.com/
          Strict-Transport-Security: max-age=31536000
          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Dec 18, 2024 18:01:43.340886116 CET | 6 | OUT | Data Raw: 00
          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 81.19.135.228 | 80 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 18:01:42.012115002 CET | 6 | OUT | Data Raw: 00
          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 81.19.135.228 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 17:00:59 UTC | 657 | OUT | GET / HTTP/1.1
          Host: yaocanting.com
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
2024-12-18 17:01:00 UTC | 295 | IN | HTTP/1.1 200 OK
          Server: nginx
          Date: Wed, 18 Dec 2024 17:01:03 GMT
          Content-Type: text/html
          Content-Length: 1366
          Last-Modified: Fri, 06 Dec 2024 20:47:31 GMT
          Connection: close
          Vary: Accept-Encoding
          ETag: "675362e3-556"
          Strict-Transport-Security: max-age=31536000
          Accept-Ranges: bytes
2024-12-18 17:01:00 UTC | 1366 | IN | Data Ascii: <!doctype html><html><head> <meta charset="utf-8"> <title>Site is created successfully! </title> <style> .container { width: 60%; margin: 10% auto 0; background-color: #f0f0f0; padding:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49744 | 81.19.135.228 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 17:01:02 UTC | 584 | OUT | GET /favicon.ico HTTP/1.1
          Host: yaocanting.com
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://yaocanting.com/
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
2024-12-18 17:01:02 UTC | 191 | IN | HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 18 Dec 2024 17:01:05 GMT
          Content-Type: text/html
          Content-Length: 58296
          Connection: close
          Vary: Accept-Encoding
          ETag: "675362e3-e3b8"
2024-12-18 17:01:02 UTC | 16193 | IN | Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
2024-12-18 17:01:02 UTC | 16384 | IN | (opaque payload chunk omitted)
2024-12-18 17:01:02 UTC | 16384 | IN | (opaque payload chunk omitted)
2024-12-18 17:01:03 UTC | 9335 | IN | (opaque payload chunk omitted)



Target ID: 0
Start time: 12:00:45
Start date: 18/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 12:00:48
Start date: 18/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2232,i,12666901856259099238,7747285466013212120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 12:00:54
Start date: 18/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://yaocanting.com"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

          No disassembly